WebApps/Observium_CE
1
0
Fork 0
Code Pull Requests Activity
Observium_CE/mibs/nokia/TIMETRA-SECURITY-MIB

17302 lines
644 KiB
Plaintext
Raw Blame History

TIMETRA-SECURITY-MIB DEFINITIONS ::= BEGIN
IMPORTS
CounterBasedGauge64
FROM HCNUM-TC
Dot1agCfmMDLevel
FROM IEEE8021-CFM-MIB
InterfaceIndexOrZero
FROM IF-MIB
InetAddress, InetAddressIPv6,
InetAddressPrefixLength, InetAddressType
FROM INET-ADDRESS-MIB
MODULE-COMPLIANCE, NOTIFICATION-GROUP,
OBJECT-GROUP
FROM SNMPv2-CONF
Counter32, Counter64, Gauge32,
Integer32, IpAddress, MODULE-IDENTITY,
NOTIFICATION-TYPE, OBJECT-TYPE,
Unsigned32
FROM SNMPv2-SMI
DateAndTime, DisplayString, MacAddress,
RowStatus, TEXTUAL-CONVENTION,
TimeStamp, TruthValue
FROM SNMPv2-TC
tmnxCpmFlashHwIndex,
tmnxCpmFlashOperStatus
FROM TIMETRA-CHASSIS-MIB
TEntryId, TFilterLogId,
TFltrPortSelector, TItemMatch
FROM TIMETRA-FILTER-MIB
timetraSRMIBModules, tmnxSRConfs,
tmnxSRNotifyPrefix, tmnxSRObjs
FROM TIMETRA-GLOBAL-MIB
tmnxPortPortID
FROM TIMETRA-PORT-MIB
sapEncapValue, sapPortId
FROM TIMETRA-SAP-MIB
sdpBindId
FROM TIMETRA-SDP-MIB
svcId
FROM TIMETRA-SERV-MIB
Dot1PPriority, Dot1PPriorityMask,
Dot1PPriorityNonZeroMask, IPv6FlowLabel,
InterfaceIndex, IpAddressPrefixLength,
ServiceAccessPoint, TCIRRate,
TCpmFilterBurstSize, TCpmProtPolicyID,
TDSCPNameOrEmpty, TIcmpCodeOrNone,
TIcmpTypeOrNone, TIpOption, TIpProtocol,
TItemDescription, TLDisplayString,
TLNamedItemOrEmpty, TNamedItem,
TNamedItemOrEmpty, TOperator, TPIRRate,
TPIRRateOrZero, TRegularExpression,
TTcpUdpPort, TXLNamedItemOrEmpty,
TmnxActionType, TmnxAdminState,
TmnxAdminStateUpDown, TmnxCliEngine,
TmnxDisplayStringURL,
TmnxDistCpuProtAction,
TmnxDistCpuProtActionDuration,
TmnxDistCpuProtBurstSize,
TmnxDistCpuProtEnforceType,
TmnxDistCpuProtLogEventType,
TmnxDistCpuProtPacketRateLimit,
TmnxDistCpuProtProtocolId,
TmnxDistCpuProtRate,
TmnxDistCpuProtRateType,
TmnxLongDisplayString, TmnxOperState,
TmnxPortID, TmnxScriptAuthType,
TmnxSecRadiusServAlgorithm, TmnxServId,
TmnxVRtrIDOrZero
FROM TIMETRA-TC-MIB
vRtrID, vRtrIfIndex
FROM TIMETRA-VRTR-MIB
;
timetraSecurityMIBModule MODULE-IDENTITY
LAST-UPDATED "201701010000Z"
ORGANIZATION "Nokia"
CONTACT-INFO
"Nokia SROS Support
Web: http://www.nokia.com"
DESCRIPTION
"This document is the SNMP MIB module to manage and provision Security
features on Nokia SROS systems.
Copyright 2003-2018 Nokia. All rights reserved. Reproduction of this
document is authorized on the condition that the foregoing copyright
notice is included.
This SNMP MIB module (Specification) embodies Nokia's
proprietary intellectual property. Nokia retains
all title and ownership in the Specification, including any
revisions.
Nokia grants all interested parties a non-exclusive license to use and
distribute an unmodified copy of this Specification in connection with
management of Nokia products, and without fee, provided this copyright
notice and license appear on all copies.
This Specification is supplied 'as is', and Nokia makes no warranty,
either express or implied, as to the use, operation, condition, or
performance of the Specification."
REVISION "201701010000Z"
DESCRIPTION
"Rev 15.0 1 Jan 2017 00:00
15.0 release of the TIMETRA-SECURITY-MIB."
REVISION "201602010000Z"
DESCRIPTION
"Rev 14.0 1 Feb 2016 00:00
14.0 release of the TIMETRA-SECURITY-MIB."
REVISION "201502010000Z"
DESCRIPTION
"Rev 13.0 1 Feb 2015 00:00
13.0 release of the TIMETRA-SECURITY-MIB."
REVISION "201401010000Z"
DESCRIPTION
"Rev 12.0 1 Jan 2014 00:00
12.0 release of the TIMETRA-SECURITY-MIB."
REVISION "201208010000Z"
DESCRIPTION
"Rev 11.0 1 Aug 2012 00:00
11.0 release of the TIMETRA-SECURITY-MIB."
REVISION "201111010000Z"
DESCRIPTION
"Rev 10.0 1 Nov 2011 00:00
10.0 release of the TIMETRA-SECURITY-MIB."
REVISION "201102010000Z"
DESCRIPTION
"Rev 9.0 1 Feb 2011 00:00
9.0 release of the TIMETRA-SECURITY-MIB."
REVISION "200902280000Z"
DESCRIPTION
"Rev 7.0 28 Feb 2009 00:00
7.0 release of the TIMETRA-SECURITY-MIB."
REVISION "200807010000Z"
DESCRIPTION
"Rev 6.1 01 Jul 2008 00:00
6.1 release of the TIMETRA-SECURITY-MIB."
REVISION "200801010000Z"
DESCRIPTION
"Rev 6.0 01 Jan 2008 00:00
6.0 release of the TIMETRA-SECURITY-MIB."
REVISION "200701010000Z"
DESCRIPTION
"Rev 5.0 01 Jan 2007 00:00
5.0 release of the TIMETRA-SECURITY-MIB."
REVISION "200602280000Z"
DESCRIPTION
"Rev 4.0 28 Feb 2006 00:00
4.0 release of the TIMETRA-SECURITY-MIB."
REVISION "200508310000Z"
DESCRIPTION
"Rev 3.0 31 Aug 2005 00:00
3.0 release of the TIMETRA-SECURITY-MIB."
REVISION "200501240000Z"
DESCRIPTION
"Rev 2.1 24 Jan 2005 00:00
2.1 release of the TIMETRA-SECURITY-MIB."
REVISION "200401150000Z"
DESCRIPTION
"Rev 2.0 15 Jan 2004 00:00
2.0 release of the TIMETRA-SECURITY-MIB."
REVISION "200308150000Z"
DESCRIPTION
"Rev 1.2 15 Aug 2003 00:00
1.2 release of the TIMETRA-SECURITY-MIB."
REVISION "200301270000Z"
DESCRIPTION
"Rev 0.1 27 Jan 2003 00:00
Initial version of the TIMETRA-SECURITY-MIB."
::= { timetraSRMIBModules 22 }
TProfileAction ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Action to take be taken as a result of matching
one of profile's match entries.
deny (1) - matching commands are denied access.
allow (2) - matching commands are allowed access. if the
none (3) - no action is taken giving way to other
profile matching to happen.
read-only (4) - matching commands are allowed read access only"
SYNTAX INTEGER {
deny (1),
allow (2),
none (3),
read-only (4)
}
TProfileGrpcRpcAuth ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TProfileGrpcRpcAuth data type is an enumerated integer
that describes the values used to specify user access to an RPC.
permit (1) - user is permitted to access the RPC.
deny (2) - user is denied access to the RPC and a reply message
with 'Unauthenticated' gRPC status is issued."
SYNTAX INTEGER {
permit (1),
deny (2)
}
TProfileMatchAction ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Action to take be taken as a result of matching
one of profile's match entries.
deny (1) - matching commands are denied access.
allow (2) - matching commands are allowed access. if the
none (3) - no action is taken giving way to other
profile matching to happen.
read-only (4) - matching commands are allowed read access only"
SYNTAX INTEGER {
deny (1),
allow (2),
none (3),
read-only (4)
}
TmnxMafAction ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"Action to take be taken as a result of matching the configured
criteria in a Management Access Filter.
none (0) - no action specified, follow default behavior.
permit (1) - packets matching the configured criteria are
permitted.
deny (2) - packets matching the configured criteria are
denied and an ICMP host unreachable message
is issued.
denyHostUnreachable (3) - packets matching the configured criteria
are denied and no ICMP host unreachable
message is issued."
SYNTAX INTEGER {
none (0),
permit (1),
deny (2),
denyHostUnreachable (3)
}
TCpmFilterQueueId ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TCpmFilterQueueId is an integer value that identifies a CPM queue. The
value '0' is used if there is no queue defined"
SYNTAX Unsigned32 (0 | 33..2000)
TCpmFilterActionOrDefault ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TCpmFilterActionOrDefault data type is an enumerated integer
that describes the values used to specify the action to take on the
traffic when the filter entry matches.
drop (1) packets matching the filter entry are dropped
forward (2) packets matching the filter entry are forwarded
queue (3) packets matching the filter are sent to queue
tCpmFilterQueueId
default (4) the disposition of packets matching the filter is
determined by the default action of the filter"
SYNTAX INTEGER {
drop (1),
forward (2),
queue (3),
default (4)
}
TmnxKeyChainKeyDirection ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxKeyChainKeyDirection data type is an enumerated integer that
indicates the tcp-stream direction to apply the keychain on."
SYNTAX INTEGER {
send (1),
receive (2),
send-receive (3)
}
TmnxKeyChainKeyAlgorithm ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxKeyChainKeyAlgorithm data type is an enumerated integer that
indicates the encryption algorithm to be used by the key defined in
the keychain."
SYNTAX INTEGER {
nullKeyAlgo (0),
aes128Cmac96 (1),
hmacSha196 (2),
password (3),
message-digest (4),
hmacMd5 (5),
hmacSha1 (6),
hmacSha256 (7),
aes128Gcm16 (8)
}
TmnxKeyChainKeyOption ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxKeyChainKeyOption data type is an enumerated integer that
indicates the option to be used by the key defined in the keychain."
SYNTAX INTEGER {
none (0),
basic (1),
isis-enhanced (2)
}
TmnxKeyChainTcpOptionNum ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxKeyChainTcpOptionNum data type is an enumerated integer that
indicates the TCP option number to be used in the TCP header."
SYNTAX INTEGER {
value253 (1),
value254 (2),
all (3),
tcp-ao (4)
}
TmnxMafType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TmnxMafType data type is an enumerated integer that describes the
type of packets a filter applies to."
SYNTAX INTEGER {
ipv4 (1),
ipv6 (2),
mac (3)
}
TmnxCpmPacketRateLimit ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A packet rate limit expressed in packets per second.
The value -1 means unlimited rate."
SYNTAX Integer32 (-1 | 1..65535)
TmnxCpmPacketPolRateLimit ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A packet rate limit expressed in packets per second for CPU protection
policy parameters.
The value -1 means unlimited rate."
SYNTAX Integer32 (-1 | 1..65534)
TmnxCpmPktPolRateLimitInclZero ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A packet rate limit expressed in packets per second for CPU protection
policy parameters.
The value zero means a limit of zero packets per second.
The value -1 means unlimited rate."
SYNTAX Integer32 (-1..65534)
TmnxCpmPacketRate ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"A packet rate expressed in packets per second."
SYNTAX Gauge32 (0..4294967295)
TmnxCpmProtEthCfmOpCode ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The Opcode field within an Ethernet Connectivity Fault Management PDU
has this range."
REFERENCE
"ITU-T Y.1731 Specification, 02/2008"
SYNTAX Unsigned32 (0..255)
TmnxMafMacFltrFrameType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The type of the frame for which this mac filter match criteria is
defined."
SYNTAX INTEGER {
e802dot3 (0),
e802dot2LLC (1),
e802dot2SNAP (2),
ethernetII (3),
e802dot1ag (4)
}
TmnxCpmMacFltrFrameType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The type of the frame for which this mac filter match criteria is
defined."
SYNTAX INTEGER {
none (-1),
e802dot2LLC (1),
ethernetII (3),
e802dot1ag (4)
}
TCpmFilterPortOperator ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention specifies the manner in which the CPM filter
port objects have to be interpreted.
- If the operator takes the value mask(0) then the filter uses the port
and port-mask values as match criterion; port-high can take any value
but is ignored by the filter
- If the operator takes the value range(1) then the filter uses the
port range specified by port (lower bound) and port-high (upper
bound) as match criterion; port-mask can take any value but is
ignored by the filter."
SYNTAX INTEGER {
mask (0),
range (1)
}
TSSHCipherNumber ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"This textual convention specifies the ciphers that are used by SSH
protocol version 1 and SSH protocol version 2."
SYNTAX INTEGER {
none (0),
des (2),
threeDes (3),
blowfish (6),
threeDesCbc (32),
blowfishCbc (33),
cast128Cbc (34),
arcfour (35),
aes128Cbc (36),
aes192Cbc (37),
aes256Cbc (38),
rijndaelCbc (39),
aes128Ctr (40),
aes192Ctr (41),
aes256Ctr (42)
}
TmnxSessionLimit ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxSessionLimit is an integer value that specifies the limit for
number of concurrent user access sessions (SSH, Telnet, Total).
The value -1 means there is no limit for number of sessions of a given
type."
SYNTAX Integer32 (-1 | 0..50)
TmnxPasswordAuthenOrder ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxPasswordAuthenOrder is an integer value that specifies the user
authentication method."
SYNTAX INTEGER {
none (0),
local (1),
radius (2),
tacplus (3),
ldap (4)
}
TmnxPkiCNType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TmnxPkiCNType data type is an enumerated integer that indicates
the type of Common Name in Common Name list.
Common Name is present in a certificate in field 'Common Name' (CN) or
in the extension 'Subject Alternative Name' (SAN). Common Name can be
present in Common Name list as a plain text or as regular expression."
SYNTAX INTEGER {
ip-address (1),
domain-name (2)
}
TSSHMacNumber ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TSSHMacNumber data type specifies the MAC (message authentication
code) algorithms that are used by the SSH protocol version 2."
SYNTAX INTEGER {
hmacSha512 (1),
hmacSha256 (2),
hmacSha1 (3),
hmacSha196 (4),
hmacMd5 (5),
hmacRipemd160 (6),
hmacRipemd160OpensshCom (7),
hmacMd596 (8)
}
TmnxPassHashReadType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxPassHashReadType specifies the hash algorithm accepted by the
system while executing commands."
SYNTAX INTEGER {
all-hash (0),
hash (1),
hash2 (2),
custom (3)
}
TmnxPassHashWriteType ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"TmnxPassHashWriteType specifies the hash version to be used while
saving the configuration files."
SYNTAX INTEGER {
cleartext (0),
hash (1),
hash2 (2),
custom (3)
}
TSSHKexNumber ::= TEXTUAL-CONVENTION
STATUS current
DESCRIPTION
"The TSSHKexNumber data type specifies the KEX (key exchange)
algorithms that are used by the SSH protocol version 2."
SYNTAX INTEGER {
diffieHellmanGroup1Sha1 (1),
diffieHellmanGroup14Sha1 (2),
diffieHellmanGroupExchangeSha1 (3),
diffieHellmanGroup14Sha256 (4),
diffieHellmanGroup16Sha512 (5)
}
tmnxSecurityObjects OBJECT IDENTIFIER ::= { tmnxSRObjs 22 }
tmnxUserProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxUserProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store the user profiles for access to the commands in the
command line interface."
::= { tmnxSecurityObjects 1 }
tmnxUserProfileEntry OBJECT-TYPE
SYNTAX TmnxUserProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single user profile."
INDEX { tmnxUserProfile }
::= { tmnxUserProfileTable 1 }
TmnxUserProfileEntry ::= SEQUENCE
{
tmnxUserProfile TNamedItem,
tmnxUserProfileRowStatus RowStatus,
tmnxUserProfileDefaultAction TProfileAction,
tmnxUserProfileLi TruthValue,
tmnxUserProfileNCKillSession TruthValue,
tmnxUserProfileSshLimit TmnxSessionLimit,
tmnxUserProfileTelnetLimit TmnxSessionLimit,
tmnxUserProfileTotalLimit TmnxSessionLimit,
tmnxUserProfileCliSessionGroup TNamedItemOrEmpty,
tmnxUserProfileNCLock TruthValue,
tmnxUserProfileGrpcAuthGet TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthSet TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthSubscribe TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthGnmiCap TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthRAModify TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthRAGetVer TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthCMRotate TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthCMInstall TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthCMGetCert TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthCMRevoke TProfileGrpcRpcAuth,
tmnxUserProfileGrpcAuthCMCanGen TProfileGrpcRpcAuth
}
tmnxUserProfile OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The name of the profile is the index to the table."
::= { tmnxUserProfileEntry 1 }
tmnxUserProfileRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Row Status for the user profile. The deletion of this row has an
action of removing the dependent rows in the tmnxUserProfileTable. "
::= { tmnxUserProfileEntry 2 }
tmnxUserProfileDefaultAction OBJECT-TYPE
SYNTAX TProfileAction
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The action to be given to the user profile in case if none of the
entries match the command."
DEFVAL { deny }
::= { tmnxUserProfileEntry 3 }
tmnxUserProfileLi OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileLi specifies whether or this profile
can be assigned to a user to support Lawful Intercept (LI)
operations. This object can only be modified from the SNMPv3 'li'
context."
DEFVAL { false }
::= { tmnxUserProfileEntry 4 }
tmnxUserProfileNCKillSession OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileNCKillSession specifies whether or this
profile can be assigned to a user to support NETCONF Kill Session
operations."
DEFVAL { false }
::= { tmnxUserProfileEntry 5 }
tmnxUserProfileSshLimit OBJECT-TYPE
SYNTAX TmnxSessionLimit
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxUserProfileSshLimit specifies the maximum
limit of concurrent SSH sessions for given User Profile."
DEFVAL { -1 }
::= { tmnxUserProfileEntry 6 }
tmnxUserProfileTelnetLimit OBJECT-TYPE
SYNTAX TmnxSessionLimit
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxUserProfileTelnetLimit specifies the
maximum limit of concurrent TELNET sessions for given User Profile."
DEFVAL { -1 }
::= { tmnxUserProfileEntry 7 }
tmnxUserProfileTotalLimit OBJECT-TYPE
SYNTAX TmnxSessionLimit
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxUserProfileTotalLimit specifies the
combined maximum limit of concurrent TELNET and SSH sessions for given
User Profile."
DEFVAL { -1 }
::= { tmnxUserProfileEntry 8 }
tmnxUserProfileCliSessionGroup OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileCliSessionGroup specifies a cli session
group that the profile belongs to. This cli session group must be a
valid row entry in tmnxCliSessionGroupEntry."
DEFVAL { ''H }
::= { tmnxUserProfileEntry 9 }
tmnxUserProfileNCLock OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileNCLock specifies whether or this profile
can be assigned to a user to support NETCONF Lock/Unlock operations."
DEFVAL { false }
::= { tmnxUserProfileEntry 10 }
tmnxUserProfileGrpcAuthGet OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthGet specifies whether a user to
whom this profile is assigned is allowed to execute the gRPC gNMI Get
RPC."
DEFVAL { permit }
::= { tmnxUserProfileEntry 11 }
tmnxUserProfileGrpcAuthSet OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthSet specifies whether a user to
whom this profile is assigned is allowed to execute the gRPC gNMI Set
RPC."
DEFVAL { permit }
::= { tmnxUserProfileEntry 12 }
tmnxUserProfileGrpcAuthSubscribe OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthSubscribe specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC gNMI
Subscribe RPC."
DEFVAL { permit }
::= { tmnxUserProfileEntry 13 }
tmnxUserProfileGrpcAuthGnmiCap OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthGnmiCap specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC gNMI
Capabilities RPC."
DEFVAL { permit }
::= { tmnxUserProfileEntry 14 }
tmnxUserProfileGrpcAuthRAModify OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthRAModify specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC RibApi
Modify RPC."
DEFVAL { permit }
::= { tmnxUserProfileEntry 15 }
tmnxUserProfileGrpcAuthRAGetVer OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthRAGetVer specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC RibApi
'GetVersion' RPC."
DEFVAL { permit }
::= { tmnxUserProfileEntry 16 }
tmnxUserProfileGrpcAuthCMRotate OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthCMRotate specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC gNOI
CertificateManagement Rotate RPC."
DEFVAL { deny }
::= { tmnxUserProfileEntry 17 }
tmnxUserProfileGrpcAuthCMInstall OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthCMInstall specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC gNOI
CertificateManagement Install RPC."
DEFVAL { deny }
::= { tmnxUserProfileEntry 18 }
tmnxUserProfileGrpcAuthCMGetCert OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthCMGetCert specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC gNOI
CertificateManagement 'GetCertificates' RPC."
DEFVAL { deny }
::= { tmnxUserProfileEntry 19 }
tmnxUserProfileGrpcAuthCMRevoke OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthCMRevoke specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC gNOI
CertificateManagement 'RevokeCertificates' RPC."
DEFVAL { deny }
::= { tmnxUserProfileEntry 20 }
tmnxUserProfileGrpcAuthCMCanGen OBJECT-TYPE
SYNTAX TProfileGrpcRpcAuth
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserProfileGrpcAuthCMCanGen specifies whether a user
to whom this profile is assigned is allowed to execute the gRPC gNOI
CertificateManagement 'CanGenerateCSR' RPC."
DEFVAL { deny }
::= { tmnxUserProfileEntry 21 }
tmnxUserProfileMatchTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxUserProfileMatchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table which stores multiple entries per user profile to define
specific action to be taken in case if the command matches the entry."
::= { tmnxSecurityObjects 2 }
tmnxUserProfileMatchEntry OBJECT-TYPE
SYNTAX TmnxUserProfileMatchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single user profile."
INDEX {
tmnxUserProfile,
tmnxUserProfileMatchId
}
::= { tmnxUserProfileMatchTable 1 }
TmnxUserProfileMatchEntry ::= SEQUENCE
{
tmnxUserProfileMatchId Unsigned32,
tmnxUserProfileMatchRowStatus RowStatus,
tmnxUserProfileMatchDescription TItemDescription,
tmnxUserProfileMatchAction TProfileMatchAction,
tmnxUserProfileMatchString DisplayString
}
tmnxUserProfileMatchId OBJECT-TYPE
SYNTAX Unsigned32 (1..9999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The Secondary index for the table"
::= { tmnxUserProfileMatchEntry 1 }
tmnxUserProfileMatchRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Row Status for the user profile match."
::= { tmnxUserProfileMatchEntry 2 }
tmnxUserProfileMatchDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"User-provided description for the match entry."
DEFVAL { ''H }
::= { tmnxUserProfileMatchEntry 3 }
tmnxUserProfileMatchAction OBJECT-TYPE
SYNTAX TProfileMatchAction
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Action to be used in case if a command matches this entry."
::= { tmnxUserProfileMatchEntry 4 }
tmnxUserProfileMatchString OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Match string to be used for this entry."
::= { tmnxUserProfileMatchEntry 5 }
tmnxUserTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxUserEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxUserTable contains configuration information for the system users."
::= { tmnxSecurityObjects 3 }
tmnxUserEntry OBJECT-TYPE
SYNTAX TmnxUserEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxUserEntry is an entry (conceptual row) in the tmnxUserEntry. Each
entry represents the configuration for a system user. Entries in this
table can be created and deleted via SNMP SET operations to
tmnxUserRowStatus."
INDEX { IMPLIED tmnxUserName }
::= { tmnxUserTable 1 }
TmnxUserEntry ::= SEQUENCE
{
tmnxUserName TNamedItem,
tmnxUserRowStatus RowStatus,
tmnxUserPassword DisplayString,
tmnxUserPasswordEncrypted TruthValue,
tmnxUserAccess BITS,
tmnxUserHomeDirectory DisplayString,
tmnxUserRestrictedToHome TruthValue,
tmnxUserConsoleLoginExecFile DisplayString,
tmnxUserConsoleCannotChangePswd TruthValue,
tmnxUserConsoleNewPswdAtLogin TruthValue,
tmnxUserConsoleMemberProfile1 TNamedItemOrEmpty,
tmnxUserConsoleMemberProfile2 TNamedItemOrEmpty,
tmnxUserConsoleMemberProfile3 TNamedItemOrEmpty,
tmnxUserConsoleMemberProfile4 TNamedItemOrEmpty,
tmnxUserConsoleMemberProfile5 TNamedItemOrEmpty,
tmnxUserConsoleMemberProfile6 TNamedItemOrEmpty,
tmnxUserConsoleMemberProfile7 TNamedItemOrEmpty,
tmnxUserConsoleMemberProfile8 TNamedItemOrEmpty,
tmnxUserAttemptedLogins Counter32,
tmnxUserSuccessfulLogins Counter32,
tmnxUserPasswordChanged TimeStamp,
tmnxUserCliEngine1 TmnxCliEngine,
tmnxUserCliEngine2 TmnxCliEngine,
tmnxUserPasswordChangedTime DateAndTime,
tmnxUserPasswordExpirationTime DateAndTime
}
tmnxUserName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxUserName specifies the name for a system user. This
name must be unique amongst the table entries."
::= { tmnxUserEntry 1 }
tmnxUserRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"tmnxUserRowStatus controls the creation and deletion of rows in the
table.
To create a row in the tmnxUserTable, set tmnxUserRowStatus to
createAndGo(4). All objects will take on default values and the agent
will change tmnxUserRowStatus to active(1).
To delete a row in the tmnxUserTable, set tmnxUserRowStatus to
delete(6)."
::= { tmnxUserEntry 2 }
tmnxUserPassword OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..60))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserPassword specifies the password used to
authenticate the user for console and FTP access.
The password can be provided both as a plain text string, or as a
bcrypt encrypted hash.
The value of tmnxUserPassword cannot be more than 56 characters if it
is a plain text string.
Any GET request on this object returns an empty string."
DEFVAL { "" }
::= { tmnxUserEntry 3 }
tmnxUserPasswordEncrypted OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"This object has been obsoleted in release 12.0."
DEFVAL { true }
::= { tmnxUserEntry 4 }
tmnxUserAccess OBJECT-TYPE
SYNTAX BITS {
console (0),
ftp (1),
snmp (2),
li (3),
netconf (4),
grpc (5)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserAccess specifies the type of access the the user
is permitted. To allow the user access to the console, FTP or SNMP,
set the corresponding bit in tmnxUserAccess. Reset the bit to deny the
access.
'li' access allows this user to access CLI commands in the
Lawful Intercept (LI) context. The 'li' bit can only be modified
from the SNMPv3 'li' context. The 'netconf' bit allows this user to
make netconf request.
The 'grpc' bit allows this user to connect to the box via gRPC
session."
DEFVAL { {} }
::= { tmnxUserEntry 5 }
tmnxUserHomeDirectory OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..200))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserHomeDirectory specifies the local home directory
for the user for console and FTP access."
DEFVAL { ''H }
::= { tmnxUserEntry 6 }
tmnxUserRestrictedToHome OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"When the value of tmnxUserRestrictedToHome is 'true', the user is not
allowed to navigate to directories above his home directory for file
access.
When the value of tmnxUserRestrictedToHome is 'false', the user is
allowed access to directories above his home directory."
DEFVAL { false }
::= { tmnxUserEntry 7 }
tmnxUserConsoleLoginExecFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..200))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleLoginExecFile specifies the file that
should be executed whenever the user successfully logs in to a console
session."
DEFVAL { ''H }
::= { tmnxUserEntry 8 }
tmnxUserConsoleCannotChangePswd OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"When the value of tmnxUserConsoleCannotChangePswd is 'true', the user
does not have the privilege to change the password for console and FTP
login.
When the value of tmnxUserConsoleCannotChangePswd is 'false', the user
has the privilege to change the password for console and FTP login."
DEFVAL { false }
::= { tmnxUserEntry 9 }
tmnxUserConsoleNewPswdAtLogin OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"When the value of tmnxUserConsoleNewPswdAtLogin is 'true', the will be
forced to change his password at the next console or telnet or SSH
login.
When the value of tmnxUserConsoleNewPswdAtLogin is 'false', the will
not be forced to change his password at the next console or telnet or
SSH login."
DEFVAL { false }
::= { tmnxUserEntry 10 }
tmnxUserConsoleMemberProfile1 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleMemberProfile1 specifies a user profile
that the user has access to. This profile must be a valid row entry in
tmnxUserProfileTable.
Each user can access a maximum of 8 user profiles. The value of the
nth user profile can be set only if all previous user profiles (1
through (n-1)) are non-empty strings. The order of the user profiles
is important. The first user profile has highest precedence, followed
by the second and so on."
DEFVAL { ''H }
::= { tmnxUserEntry 11 }
tmnxUserConsoleMemberProfile2 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleMemberProfile2 specifies a user profile
that the user has access to. This profile must be a valid row entry in
tmnxUserProfileTable.
Each user can access a maximum of 8 user profiles. The value of the
nth user profile can be set only if all previous user profiles (1
through (n-1)) are non-empty strings. The order of the user profiles
is important. The first user profile has highest precedence, followed
by the second and so on."
DEFVAL { ''H }
::= { tmnxUserEntry 12 }
tmnxUserConsoleMemberProfile3 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleMemberProfile3 specifies a user profile
that the user has access to. This profile must be a valid row entry in
tmnxUserProfileTable.
Each user can access a maximum of 8 user profiles. The value of the
nth user profile can be set only if all previous user profiles (1
through (n-1)) are non-empty strings. The order of the user profiles
is important. The first user profile has highest precedence, followed
by the second and so on."
DEFVAL { ''H }
::= { tmnxUserEntry 13 }
tmnxUserConsoleMemberProfile4 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleMemberProfile4 specifies a user profile
that the user has access to. This profile must be a valid row entry in
tmnxUserProfileTable.
Each user can access a maximum of 8 user profiles. The value of the
nth user profile can be set only if all previous user profiles (1
through (n-1)) are non-empty strings. The order of the user profiles
is important. The first user profile has highest precedence, followed
by the second and so on."
DEFVAL { ''H }
::= { tmnxUserEntry 14 }
tmnxUserConsoleMemberProfile5 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleMemberProfile5 specifies a user profile
that the user has access to. This profile must be a valid row entry in
tmnxUserProfileTable.
Each user can access a maximum of 8 user profiles. The value of the
nth user profile can be set only if all previous user profiles (1
through (n-1)) are non-empty strings. The order of the user profiles
is important. The first user profile has highest precedence, followed
by the second and so on."
DEFVAL { ''H }
::= { tmnxUserEntry 15 }
tmnxUserConsoleMemberProfile6 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleMemberProfile6 specifies a user profile
that the user has access to. This profile must be a valid row entry in
tmnxUserProfileTable.
Each user can access a maximum of 8 user profiles. The value of the
nth user profile can be set only if all previous user profiles (1
through (n-1)) are non-empty strings. The order of the user profiles
is important. The first user profile has highest precedence, followed
by the second and so on."
DEFVAL { ''H }
::= { tmnxUserEntry 16 }
tmnxUserConsoleMemberProfile7 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleMemberProfile7 specifies a user profile
that the user has access to. This profile must be a valid row entry in
tmnxUserProfileTable.
Each user can access a maximum of 8 user profiles. The value of the
nth user profile can be set only if all previous user profiles (1
through (n-1)) are non-empty strings. The order of the user profiles
is important. The first user profile has highest precedence, followed
by the second and so on."
DEFVAL { ''H }
::= { tmnxUserEntry 17 }
tmnxUserConsoleMemberProfile8 OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserConsoleMemberProfile8 specifies a user profile
that the user has access to. This profile must be a valid row entry in
tmnxUserProfileTable.
Each user can access a maximum of 8 user profiles. The value of the
nth user profile can be set only if all previous user profiles (1
through (n-1)) are non-empty strings. The order of the user profiles
is important. The first user profile has highest precedence, followed
by the second and so on."
DEFVAL { ''H }
::= { tmnxUserEntry 18 }
tmnxUserAttemptedLogins OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxUserAttemptedLogins indicates the number of times the
user has attempted to login irrespective of whether the login
succeeded or failed."
::= { tmnxUserEntry 19 }
tmnxUserSuccessfulLogins OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxUserSuccessfulLogins indicates the number of times
the user has successfully logged in."
::= { tmnxUserEntry 20 }
tmnxUserPasswordChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tmnxUserPasswordChanged indicates the value of sysUpTime
when the login password was last changed."
::= { tmnxUserEntry 21 }
tmnxUserCliEngine1 OBJECT-TYPE
SYNTAX TmnxCliEngine
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserCliEngine1 specifies the CLI engine that is
active when a user logs in.
Value systemDerived specifies that the CLI engine inherits the value
of tmnxSysMgmtCliEngine1 from tmnxSysMgmtProtocolTable.
Both tmnxUserCliEngine1 and tmnxUserCliEngine2 must be present in the
same set request."
DEFVAL { systemDerived }
::= { tmnxUserEntry 23 }
tmnxUserCliEngine2 OBJECT-TYPE
SYNTAX TmnxCliEngine
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserCliEngine2 specifies the secondary CLI engine
that is accessible to a logged-in user.
Value systemDerived specifies that the user does not have access to
secondary engine (i.e.: can only access engine specified by
tmnxUserCliEngine1).
Values other than systemDerived are used only if tmnxUserCliEngine1
also has value other than systemDerived and must differ from that
value.
Both tmnxUserCliEngine1 and tmnxUserCliEngine2 must be present in the
same set request."
DEFVAL { systemDerived }
::= { tmnxUserEntry 24 }
tmnxUserPasswordChangedTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxUserPasswordChangedTime specifies the calendar date
and time when the login password was last changed."
::= { tmnxUserEntry 25 }
tmnxUserPasswordExpirationTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxUserPasswordExpirationTime specifies the calendar
date and time when login password will be expire.
If password aging is disabled, '0-1-1,0:0:0.0,+0:0' is returned."
::= { tmnxUserEntry 26 }
tmnxMafObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 4 }
tmnxMafTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxMafEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This table has been replaced with tmnxGenMafTable. The new table
allows to define both IPv4 and IPv6 MAFs.
The tmnxMafTable has an entry for each Management Access Filter
(MAF) configured on the system. Management Access Filters are
used to restrict management of this Nokia SROS device by
other nodes outside either specific (sub)networks or through
designated ports. By default no Management Access Filters are
defined and this table will be empty."
::= { tmnxMafObjs 1 }
tmnxMafEntry OBJECT-TYPE
SYNTAX TmnxMafEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"Each row entry contains information about a Management Access Filter
(MAF)."
INDEX { tmnxMafName }
::= { tmnxMafTable 1 }
TmnxMafEntry ::= SEQUENCE
{
tmnxMafName TNamedItem,
tmnxMafRowStatus RowStatus,
tmnxMafDefaultAction TmnxMafAction,
tmnxMafAdminState TmnxAdminState
}
tmnxMafName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"The value of tmnxMafName specifies the Management Access Filter (MAF)
represented by this row in the tmnxMafTable."
::= { tmnxMafEntry 1 }
tmnxMafRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The tmnxMafRowStatus object is used to create and delete rows in
the tmnxMafTable. The values supported during a set operation are
createAndGo(4), createAndWait(5) and destroy(6)."
::= { tmnxMafEntry 2 }
tmnxMafDefaultAction OBJECT-TYPE
SYNTAX TmnxMafAction
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafDefaultAction specifies the default action
for management access in the absence of a specific management
access filter entry match. The default action is applied
to a packet that does not satisfy any match criteria in any of
the management access filter match entries. Before a MAF can be
active, a default action must have been specified."
DEFVAL { none }
::= { tmnxMafEntry 3 }
tmnxMafAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafAdminState specifies the administrative state
for this management access filter. A value of 'outOfService'
disables this filter which results in permitting all traffic."
DEFVAL { inService }
::= { tmnxMafEntry 4 }
tmnxMafMatchTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxMafMatchEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"This tables has been replaced with the table tmnxIPMafMatchTable which
allows for both IPv4 and IPv6 MAF entries.
The tmnxMafMatchTable contains filter match criteria associated with
Management Access Filters (MAFs) configured on the system."
::= { tmnxMafObjs 2 }
tmnxMafMatchEntry OBJECT-TYPE
SYNTAX TmnxMafMatchEntry
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"Each row entry contains information about a management access filter
entry associated with a specific Management Access Filter (MAF).
The filter criteria are applied in order according to the value of
tmnxMafMatchIndex. The match algorithm is exited upon the first
match found and then the action specified is executed. For this
reason, entries must be sequenced from most to least explicit.
An entry where tmnxMafMatchAction has a value of 'none' is not
active."
INDEX {
tmnxMafName,
tmnxMafMatchIndex
}
::= { tmnxMafMatchTable 1 }
TmnxMafMatchEntry ::= SEQUENCE
{
tmnxMafMatchIndex Unsigned32,
tmnxMafMatchRowStatus RowStatus,
tmnxMafMatchLastChanged TimeStamp,
tmnxMafMatchAction TmnxMafAction,
tmnxMafMatchDescription TItemDescription,
tmnxMafMatchSrcIpAddr IpAddress,
tmnxMafMatchSrcIpMask IpAddressPrefixLength,
tmnxMafMatchSrcPortType INTEGER,
tmnxMafMatchSrcPortId TmnxPortID,
tmnxMafMatchDestPort TTcpUdpPort,
tmnxMafMatchDestPortMask Unsigned32,
tmnxMafMatchProtocol TIpProtocol,
tmnxMafMatchCount Counter64,
tmnxMafMatchRouter TNamedItemOrEmpty,
tmnxMafMatchLog TruthValue
}
tmnxMafMatchIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..9999)
MAX-ACCESS not-accessible
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchIndex specifies the Management Access Filter
Entry (MAFE) represented by this row in the tmnxMafMatchTable. It
is associated to a specific Management Access Filter by the value
of tmnxMafName index."
::= { tmnxMafMatchEntry 1 }
tmnxMafMatchRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The tmnxMafMatchRowStatus object is used to create and delete rows in
the tmnxMafMatchTable. The values supported during a set operation
are createAndGo(4), createAndWait(5) and destroy(6)."
::= { tmnxMafMatchEntry 2 }
tmnxMafMatchLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchLastChanged is the timestamp of last change
to this row in tmnxMafMatchTable."
::= { tmnxMafMatchEntry 3 }
tmnxMafMatchAction OBJECT-TYPE
SYNTAX TmnxMafAction
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchAction specifies the action to be taken
when a packet matches the selection criteria configured in this
management access filter entry. Before a filter entry can be active,
tmnxMafMatchAction must be assigned some value other than 'none'."
DEFVAL { none }
::= { tmnxMafMatchEntry 4 }
tmnxMafMatchDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchDescription is a user provided description
string for this Management Access Filter Entry. It can consist of
any printable, seven-bit ASCII characters up to 80 characters in
length."
DEFVAL { ''H }
::= { tmnxMafMatchEntry 5 }
tmnxMafMatchSrcIpAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchSrcIpAddr specifies IP address used with the
value of tmnxMafMatchSrcIpMask to indicate a source IP address range
to be used as the match criteria for this Management Access Filter
Entry."
DEFVAL { '00000000'H }
::= { tmnxMafMatchEntry 6 }
tmnxMafMatchSrcIpMask OBJECT-TYPE
SYNTAX IpAddressPrefixLength
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchSrcIpMask specifies the number of bits to
match of the source Ip Address."
DEFVAL { 0 }
::= { tmnxMafMatchEntry 7 }
tmnxMafMatchSrcPortType OBJECT-TYPE
SYNTAX INTEGER {
any (1),
cpm (2),
port (3),
lag (4)
}
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchSrcPortType is used to restrict ingress
management packets to either the configured management Ethernet
port or any other logical port (LAG, port, or channel) on the
device. By default, management traffic is accepted on any interface."
DEFVAL { any }
::= { tmnxMafMatchEntry 8 }
tmnxMafMatchSrcPortId OBJECT-TYPE
SYNTAX TmnxPortID
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"When tmnxMafMatchSrcPortType has a value of 'port' or 'lag' the
value of tmnxMafMatchSrcPortId specifies the port used to restrict
ingress management packets. A value of zero indicated that this
object is not initialized."
DEFVAL { 0 }
::= { tmnxMafMatchEntry 9 }
tmnxMafMatchDestPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchDestPort specifies a TCP or UDP port
number to be used as a match criteria in this Management Access
Filter Entry. A value of zero indicates that this object is
not initialized."
DEFVAL { 0 }
::= { tmnxMafMatchEntry 10 }
tmnxMafMatchDestPortMask OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..65535)
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchDestPortMask specifies a mask to be used
when the value of tmnxMafMatchDestPort is not equal to zero.
The mask allows a range of TCP or UDP port values to be
specified for the match criteria in this Management Access Filter
Entry. A value of 65535, 0xFFFF, is used to indicate that
this object is not initialized."
DEFVAL { 'FFFF'H }
::= { tmnxMafMatchEntry 11 }
tmnxMafMatchProtocol OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchProtocol specifies an IP protocol type
to be used in the match criteria for this Management Access Filter
Entry. Some well known protocol numbers are TCP (6), and UDP (7).
The value of -1 is used to indicate that this object is not
initialized."
DEFVAL { -1 }
::= { tmnxMafMatchEntry 12 }
tmnxMafMatchCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchCount indicates the number of times a
management packet has matched this filter entry."
::= { tmnxMafMatchEntry 13 }
tmnxMafMatchRouter OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The value of tmnxMafMatchRouter specifies a router (VPRN) name or
a service-id, expressed as an ASCII numeric string, to be used in
the match criteria for the Management Access Filter Entry. The
empty string value ''H is used to indicate that this object is not
initialized."
DEFVAL { ''H }
::= { tmnxMafMatchEntry 14 }
tmnxMafMatchLog OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"When the value of tmnxMafMatchLog is 'true', entry match logging is
enabled."
DEFVAL { false }
::= { tmnxMafMatchEntry 15 }
tmnxGenMafTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value of the object tmnxGenMafTableLastChanged indicates the
timestamp of the last change to the tmnxGenMafTable. A value of 0
indicates that no changes were made to this table since the system was
last initialized."
::= { tmnxMafObjs 3 }
tmnxGenMafTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxGenMafEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table replaces the tmnxMafTable. It allows to define both IPv4
and IPv6 MAFs.
The tmnxGenMafTable has an entry for each Management Access Filter
(MAF) configured on the system (IPv4 and IPv6).
Management Access Filters are used to restrict management of this
Nokia SROS device by other nodes outside either specific (sub)networks
or through designated ports.
By default a single IPv4 and a single IPv6 Management Access Filter is
created by the system. No additional filters can be defined by the
operator.
When a filter is deleted, the system will recreate it with all default
settings."
::= { tmnxMafObjs 4 }
tmnxGenMafEntry OBJECT-TYPE
SYNTAX TmnxGenMafEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry contains information about a IPv4 or IPv6 Management
Access Filter (MAF)."
INDEX {
tmnxGenMafType,
tmnxGenMafName
}
::= { tmnxGenMafTable 1 }
TmnxGenMafEntry ::= SEQUENCE
{
tmnxGenMafType TmnxMafType,
tmnxGenMafName TNamedItem,
tmnxGenMafLastModified TimeStamp,
tmnxGenMafRowStatus RowStatus,
tmnxGenMafAdminState TmnxAdminState,
tmnxGenMafDefaultAction TmnxMafAction
}
tmnxGenMafType OBJECT-TYPE
SYNTAX TmnxMafType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxGenMafType specifies the type of packets, destined
for CPM, this management access filter applies to."
::= { tmnxGenMafEntry 1 }
tmnxGenMafName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxGenMafName specifies the Management Access Filter
(MAF) represented by this row in the tmnxGenMafTable."
::= { tmnxGenMafEntry 2 }
tmnxGenMafLastModified OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxGenMafLastModified object indicates the timestamp of the last
change to this row. A value of zero indicates that this row was not
modified since the system was last initialized."
::= { tmnxGenMafEntry 3 }
tmnxGenMafRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxGenMafRowStatus object is used to create and delete rows in
the tmnxGenMafTable. The values supported during a set operation are
- active(1)
- createAndGo(4),
- createAndWait(5) which is treated in the same way as createAndGo(4)
- destroy(6)."
::= { tmnxGenMafEntry 4 }
tmnxGenMafAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxGenMafAdminState specifies the administrative state
for this management access filter. A value of 'outOfService'
disables this filter which results in permitting all traffic."
DEFVAL { inService }
::= { tmnxGenMafEntry 5 }
tmnxGenMafDefaultAction OBJECT-TYPE
SYNTAX TmnxMafAction
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxGenMafDefaultAction specifies the default action
for management access in the absence of a specific management
access filter entry match. The default action is applied
to a packet that does not satisfy any match criteria in any of
the management access filter match entries. Before a MAF can be
active, a default action must have been specified.
The value denyHostUnreachable is not allowed for Mac Maf filters."
DEFVAL { none }
::= { tmnxGenMafEntry 6 }
tmnxMafIPMatchTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value of the object tmnxMafIPMatchTableLastChanged indicates the
timestamp of the last change to the tmnxIPMafMatchTable. A value of 0
indicates that no changes were made to this table since the system was
last initialized."
::= { tmnxMafObjs 5 }
tmnxIPMafMatchTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxIPMafMatchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table replaces the tmnxMafMatchTable. It allows to define both
IPv4 and IPv6 MAF IP entries.
The tmnxIPMafMatchTable contains ipvx filter match criteria associated
with Management Access Filters (MAFs) configured on the system."
::= { tmnxMafObjs 6 }
tmnxIPMafMatchEntry OBJECT-TYPE
SYNTAX TmnxIPMafMatchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry contains information about a management access filter
entry associated with a specific Management Access Filter (MAF).
The filter criteria are applied in order according to the value of
tmnxIPMafMatchIndex.
The match algorithm is exited upon the first
match found and then the action specified is executed. For this
reason, entries must be sequenced from most to least explicit.
An entry where tmnxIPMafMatchAction has a value of 'none' is not
active.
Rows can only be created for tmnxGenMafType's:
- ipv4 (1), and.
- ipv6 (2).
For mac Maf filters a dedicated table is provided
(tmnxMacMafMatchTable). "
INDEX {
tmnxGenMafType,
tmnxGenMafName,
tmnxIPMafMatchIndex
}
::= { tmnxIPMafMatchTable 1 }
TmnxIPMafMatchEntry ::= SEQUENCE
{
tmnxIPMafMatchIndex Unsigned32,
tmnxIPMafMatchRowStatus RowStatus,
tmnxIPMafMatchLastChanged TimeStamp,
tmnxIPMafMatchAction TmnxMafAction,
tmnxIPMafMatchDescription TItemDescription,
tmnxIPMafMatchSrcIpAddrType InetAddressType,
tmnxIPMafMatchSrcIpAddr InetAddress,
tmnxIPMafMatchSrcIpMask InetAddressPrefixLength,
tmnxIPMafMatchSrcPortType INTEGER,
tmnxIPMafMatchSrcPortId TmnxPortID,
tmnxIPMafMatchDestPort TTcpUdpPort,
tmnxIPMafMatchDestPortMask Unsigned32,
tmnxIPMafMatchProtNxtHdr TIpProtocol,
tmnxIPMafMatchCount Counter64,
tmnxIPMafMatchRouter TNamedItemOrEmpty,
tmnxIPMafMatchFlowLabel IPv6FlowLabel,
tmnxIPMafMatchLog TruthValue
}
tmnxIPMafMatchIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..9999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchIndex specifies the Management Access
Filter Entry (MAFE) represented by this row in the
tmnxIPMafMatchTable.
It is associated to a specific Management Access Filter by the value
of tmnxGenMafName index."
::= { tmnxIPMafMatchEntry 1 }
tmnxIPMafMatchRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxIPMafMatchRowStatus object is used to create and delete rows
in the tmnxIPMafMatchTable. Following values are supported:
- active(1)
- createAndGo(4),
- createAndWait(5) which is treated in the same way as createAndGo(4)
- destroy(6)."
::= { tmnxIPMafMatchEntry 2 }
tmnxIPMafMatchLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchLastChanged is the timestamp of last change
to this row in tmnxIPMafMatchTable."
::= { tmnxIPMafMatchEntry 3 }
tmnxIPMafMatchAction OBJECT-TYPE
SYNTAX TmnxMafAction
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchAction specifies the action to be taken
when a packet matches the selection criteria configured in this
management access filter entry. Before a filter entry can be active,
tmnxIPMafMatchAction must be assigned some value other than 'none'.
The value denyHostUnreachable is not allowed."
DEFVAL { none }
::= { tmnxIPMafMatchEntry 4 }
tmnxIPMafMatchDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchDescription is a user provided description
string for this Management Access Filter Entry. It can consist of
any printable, seven-bit ASCII characters up to 80 characters in
length."
DEFVAL { ''H }
::= { tmnxIPMafMatchEntry 5 }
tmnxIPMafMatchSrcIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchSrcIpAddrType specifies the type of IP
address stored in the object tmnxIPMafMatchSrcIpAddr.
If the value of tmnxGenMafType indicates 'ipv4' the only allowed
values for this object are 'unknown' or 'ipv4'.
If the value of tmnxGenMafType indicates 'ipv6' the only allowed
values for this object are 'unknown' or 'ipv6'."
DEFVAL { unknown }
::= { tmnxIPMafMatchEntry 6 }
tmnxIPMafMatchSrcIpAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchSrcIpAddr specifies IP address used with
the value of tmnxIPMafMatchSrcIpMask to indicate a source IP address
range to be used as the match criteria for this Management Access
Filter Entry."
DEFVAL { ''H }
::= { tmnxIPMafMatchEntry 7 }
tmnxIPMafMatchSrcIpMask OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchSrcIpMask specifies the number of bits to
match of the source Ip Address."
DEFVAL { 0 }
::= { tmnxIPMafMatchEntry 8 }
tmnxIPMafMatchSrcPortType OBJECT-TYPE
SYNTAX INTEGER {
any (1),
cpm (2),
port (3),
lag (4)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchSrcPortType is used, in conjunction with
the value of tmnxIPMafMatchSrcPortId, to specify the type of port that
applies to the management access filter entry. By default, management
traffic is accepted on all interfaces.
If the value of tmnxIPMafMatchSrcPortType is equal to any(1), the
default, then no filtering is done on ingress management packets.
If the value of tmnxIPMafMatchSrcPortType is equal to cpm(2) then the
filter applies to packets received on any CPM/CCM Ethernet port.
If the value of tmnxIPMafMatchSrcPortType is equal to port(3) or
lag(4) then the filter applies to the packets received on the port or
lag specified by the value of tmnxIPMafMatchSrcPortId.
The value of tmnxIPMafMatchSrcPortId can be set to other value then
503316480 (INVALID_PORT) only if the value of
tmnxIPMafMatchSrcPortType is port (3) or lag (4).
In summary, the valid configurations are:
src-port-type src-port-id Meaning
any(1) INVALID_PORT No filtering
cpm(2) INVALID_PORT Match packets received on any CPM/CCM
Ethernet port
port(3) port-id Match packets received on specified port
lag(4) lag-id Match packets received on specified lag
If tmnxIPMafMatchSrcPortType is any(1) or is set to any(1) then any
change to tmnxIPMafMatchSrcPortId is ignored and its value is forced
to 503316480 (INVALID_PORT) by the system.
When tmnxIPMafMatchSrcPortType is set to cpm(2), cpm1(5), cpm3(6),
cpm4(7) then the value of tmnxIPMafMatchSrcPortId, if specified, is
ignored and forced to 503316480 (INVALID_PORT) by the system.
When the value of tmnxIPMafMatchSrcPortType is set to port(3) or
lag(4) then tmnxIPMafMatchSrcPortId must specify a valid port-id or
lag-id, otherwise the request is rejected by the system. Note that the
port-type is always subordinate to the port-id, i.e. if the value of
tmnxIPMafMatchSrcPortType is set to port(3) and at the same time the
value of tmnxIPMafMatchSrcPortId is set to a lag-id the the system
will accept the lag-id and silently set the value of
tmnxIPMafMatchSrcPortType lag(4) (or vice versa)."
DEFVAL { any }
::= { tmnxIPMafMatchEntry 9 }
tmnxIPMafMatchSrcPortId OBJECT-TYPE
SYNTAX TmnxPortID
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchSrcPortId is used, in conjunction with the
value of tmnxIPMafMatchSrcPortType, to specify the port that applies
to the management access filter entry. By default, management traffic
is accepted on all interfaces.
Please refer to the description of tmnxIPMafMatchSrcPortType for more
details."
DEFVAL { 503316480 }
::= { tmnxIPMafMatchEntry 10 }
tmnxIPMafMatchDestPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchDestPort specifies a destination TCP or UDP
port number to be used as a match criteria in this Management Access
Filter Entry.
A value of '0' indicates that no match is performed on the destination
port number. In this case the value of the object
tmnxIPMafMatchDestPortMask will be reset to its default value."
DEFVAL { 0 }
::= { tmnxIPMafMatchEntry 11 }
tmnxIPMafMatchDestPortMask OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchDestPortMask specifies a mask to be used
when the value of tmnxIPMafMatchDestPort is not equal to '0'.
The mask allows a range of TCP or UDP port values to be specified for
the match criteria in this Management Access Filter Entry.
If set to '0' the match on the destination port number is removed, and
both objects tmnxIPMafMatchDestPort and tmnxIPMafMatchDestPortMask are
reset to their default values."
DEFVAL { 'FFFF'H }
::= { tmnxIPMafMatchEntry 12 }
tmnxIPMafMatchProtNxtHdr OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchProtNxtHdr specifies for IPv4 MAF the IP
protocol field, and for IPv6 the next header type to be used in the
match criteria for this Management Access Filter Entry.
Some well known protocol numbers are TCP (6), and UDP (7). The value
of -1 is used to indicate that this object is not initialized. The
value of -2 is used to indicate udp/tcp protocol matching "
DEFVAL { -1 }
::= { tmnxIPMafMatchEntry 13 }
tmnxIPMafMatchCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchCount indicates the number of times a
management packet has matched this filter entry."
::= { tmnxIPMafMatchEntry 14 }
tmnxIPMafMatchRouter OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchRouter specifies a router (VPRN) name or
a service-id, expressed as an ASCII numeric string, to be used in
the match criteria for the Management Access Filter Entry. The
empty string value ''H is used to indicate that this object is not
initialized."
DEFVAL { ''H }
::= { tmnxIPMafMatchEntry 15 }
tmnxIPMafMatchFlowLabel OBJECT-TYPE
SYNTAX IPv6FlowLabel
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxIPMafMatchFlowLabel specifies the flow label to be
matched. When the value is '-1', no flow label matching occurs. This
object is only meaningful in case of an IPv6 MAF entry. The value is
ignored in IPv4 MAF entries."
DEFVAL { -1 }
::= { tmnxIPMafMatchEntry 16 }
tmnxIPMafMatchLog OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"When the value of tmnxIPMafMatchLog is 'true', entry match logging is
enabled."
DEFVAL { false }
::= { tmnxIPMafMatchEntry 17 }
tmnxMafMacMatchTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value of the object tmnxMafMacMatchTableLastChanged indicates the
timestamp of the last change to the tmnxMacMafMatchTable. A value of 0
indicates that no changes were made to this table since the system was
last initialized."
::= { tmnxMafObjs 7 }
tmnxMacMafMatchTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxMacMafMatchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This table allows to define Mac Maf filter entries.
The tmnxMacMafMatchTable contains Mac filter match criteria associated
with Management Access Filters (MAFs) configured on the system."
::= { tmnxMafObjs 8 }
tmnxMacMafMatchEntry OBJECT-TYPE
SYNTAX TmnxMacMafMatchEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry contains information about a management access filter
entry associated with a specific Mac Management Access Filter (MAF).
The filter criteria are applied in order according to the value of
tmnxMacMafMatchIndex.
The match algorithm is exited upon the first
match found and then the action specified is executed. For this
reason, entries must be sequenced from most to least explicit.
An entry where tmnxMacMafMatchAction has a value of 'none' is not
active."
INDEX {
tmnxGenMafName,
tmnxMacMafMatchIndex
}
::= { tmnxMacMafMatchTable 1 }
TmnxMacMafMatchEntry ::= SEQUENCE
{
tmnxMacMafMatchIndex Unsigned32,
tmnxMacMafMatchRowStatus RowStatus,
tmnxMacMafMatchLastChanged TimeStamp,
tmnxMacMafMatchAction TmnxMafAction,
tmnxMacMafMatchDescription TItemDescription,
tmnxMacMafMatchLog TruthValue,
tmnxMacMafMatchFrameType TmnxMafMacFltrFrameType,
tmnxMacMafMatchSvcId TmnxServId,
tmnxMacMafMatchDot1pValue Dot1PPriority,
tmnxMacMafMatchDot1pMask Dot1PPriorityNonZeroMask,
tmnxMacMafMatchDsap ServiceAccessPoint,
tmnxMacMafMatchDsapMask ServiceAccessPoint,
tmnxMacMafMatchSrcMAC MacAddress,
tmnxMacMafMatchSrcMACMask MacAddress,
tmnxMacMafMatchDstMAC MacAddress,
tmnxMacMafMatchDstMACMask MacAddress,
tmnxMacMafMatchEtherType Integer32,
tmnxMacMafMatchSnapOui INTEGER,
tmnxMacMafMatchSnapPid Integer32,
tmnxMacMafMatchSsap ServiceAccessPoint,
tmnxMacMafMatchSsapMask ServiceAccessPoint,
tmnxMacMafMatchCfmOpCodeOper TOperator,
tmnxMacMafMatchCfmOpCodeValue1 Unsigned32,
tmnxMacMafMatchCfmOpCodeValue2 Unsigned32,
tmnxMacMafMatchCount Counter64
}
tmnxMacMafMatchIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..9999)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxMacMafMatchIndex specifies the Management Access
Filter Entry (MAFE) represented by this row in the
tmnxMacMafMatchTable.
It is associated to a specific Management Access Filter by the value
of tmnxGenMafType and tmnxGenMafName."
::= { tmnxMacMafMatchEntry 1 }
tmnxMacMafMatchRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxMacMafMatchRowStatus object is used to create and delete rows
in the tmnxMacMafMatchTable. The values supported are
- active(1)
- createAndGo(4),
- createAndWait(5) which is treated in the same way as createAndGo(4)
- destroy(6)."
::= { tmnxMacMafMatchEntry 2 }
tmnxMacMafMatchLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxMacMafMatchLastChanged indicates the timestamp of the
last change to this row in tmnxMacMafMatchTable."
::= { tmnxMacMafMatchEntry 3 }
tmnxMacMafMatchAction OBJECT-TYPE
SYNTAX TmnxMafAction
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxMacMafMatchAction specifies the action to be taken
when a packet matches the selection criteria configured in this
management access filter entry. Before a filter entry can be active,
tmnxMacMafMatchAction must be assigned some value other than 'none'.
The value denyHostUnreachable is not allowed for this object."
DEFVAL { none }
::= { tmnxMacMafMatchEntry 4 }
tmnxMacMafMatchDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxMacMafMatchDescription specifies a user provided
description string for this Management Access Filter Entry. It can
consist of any printable, seven-bit ASCII characters up to 80
characters in length."
DEFVAL { ''H }
::= { tmnxMacMafMatchEntry 5 }
tmnxMacMafMatchLog OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchLog specifies whether or not
logging is active for this filter entry."
DEFVAL { false }
::= { tmnxMacMafMatchEntry 6 }
tmnxMacMafMatchFrameType OBJECT-TYPE
SYNTAX TmnxMafMacFltrFrameType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxMacMafMatchFrameType specifies the type of mac frame
for which we are defining this match criteria."
DEFVAL { e802dot3 }
::= { tmnxMacMafMatchEntry 7 }
tmnxMacMafMatchSvcId OBJECT-TYPE
SYNTAX TmnxServId (0 | 1..2147483647)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchSvcId specifies the service-id
in which the packet is to be received for this entry to match. A value
of 0 indicates: any service."
DEFVAL { 0 }
::= { tmnxMacMafMatchEntry 8 }
tmnxMacMafMatchDot1pValue OBJECT-TYPE
SYNTAX Dot1PPriority
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchDot1pValue specifies the IEEE
802.1p priority value for this MAC filter entry. Use -1 to disable
matching this filter criteria."
DEFVAL { -1 }
::= { tmnxMacMafMatchEntry 9 }
tmnxMacMafMatchDot1pMask OBJECT-TYPE
SYNTAX Dot1PPriorityNonZeroMask
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchDot1pMask specifies the IEEE
802.1p priority mask value for this policy MAC filter entry."
DEFVAL { 7 }
::= { tmnxMacMafMatchEntry 10 }
tmnxMacMafMatchDsap OBJECT-TYPE
SYNTAX ServiceAccessPoint
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchDsap specifies the MAC DSAP to
match for this MAC filter entry. This object has no significance if
the object tmnxMacMafMatchFrameType is not set to 802dot2LLC."
DEFVAL { -1 }
::= { tmnxMacMafMatchEntry 11 }
tmnxMacMafMatchDsapMask OBJECT-TYPE
SYNTAX ServiceAccessPoint
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchDsapMask specifies the MAC DSAP
mask for this MAC filter entry. This object has no significance if the
object tmnxMacMafMatchFrameType is not set to 802dot2LLC."
DEFVAL { -1 }
::= { tmnxMacMafMatchEntry 12 }
tmnxMacMafMatchSrcMAC OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchSrcMAC specifies the source MAC
to match for this policy MAC filter entry."
DEFVAL { '000000000000'H }
::= { tmnxMacMafMatchEntry 13 }
tmnxMacMafMatchSrcMACMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchSrcMACMask specifies the source
MAC mask value for this policy MAC filter entry. The mask is ANDed
with the MAC to match tmnxMacMafMatchSrcMAC. A zero bit means ignore
this bit, do not match. A one bit means match this bit with
tmnxMacMafMatchSrcMAC. Use the value 00-00-00-00-00-00 to disable this
filter criteria."
DEFVAL { '000000000000'H }
::= { tmnxMacMafMatchEntry 14 }
tmnxMacMafMatchDstMAC OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchDstMAC specifies the
Destination MAC mask value for this policy MAC filter entry."
DEFVAL { '000000000000'H }
::= { tmnxMacMafMatchEntry 15 }
tmnxMacMafMatchDstMACMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchDstMACMask specifies
the destination MAC mask value for this policy MAC filter entry.
The mask is ANDed with the MAC to match tmnxMacMafMatchDstMAC.
A zero bit means ignore this bit, do not match. a one bit means
match this bit with tmnxMacMafMatchDstMAC.
Use the value 00-00-00-00-00-00 to disable this filter criteria."
DEFVAL { '000000000000'H }
::= { tmnxMacMafMatchEntry 16 }
tmnxMacMafMatchEtherType OBJECT-TYPE
SYNTAX Integer32 (-1 | 1536..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchEtherType specifies the
Ethertype for this MAC filter entry. Use -1 to disable matching by
this criteria. This object has no significance if the object
tmnxMacMafMatchFrameType is not set to Ethernet_II."
DEFVAL { -1 }
::= { tmnxMacMafMatchEntry 17 }
tmnxMacMafMatchSnapOui OBJECT-TYPE
SYNTAX INTEGER {
off (1),
zero (2),
nonZero (3)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchSnapOui specifies the MAC SNAP
OUI to match. The values zero(2) and nonZero(3) specify what to match.
Matching can be disabled by the use of the value off(1). This object
has no significance if the object tmnxMacMafMatchFrameType is not set
to 802dot2SNAP."
DEFVAL { off }
::= { tmnxMacMafMatchEntry 18 }
tmnxMacMafMatchSnapPid OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchSnapPid specifies the
MAC SNAP PID to match for this MAC filter entry. use -1 to
disable matching by this criteria. This object has no significance if
object tmnxMacMafMatchFrameType is not set to 802dot2SNAP."
DEFVAL { -1 }
::= { tmnxMacMafMatchEntry 19 }
tmnxMacMafMatchSsap OBJECT-TYPE
SYNTAX ServiceAccessPoint
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchSsap specifies the the MAC SSAP
to match for this MAC filter entry. This object has no significance if
the object tmnxMacMafMatchFrameType is not set to 802dot2LLC."
DEFVAL { -1 }
::= { tmnxMacMafMatchEntry 20 }
tmnxMacMafMatchSsapMask OBJECT-TYPE
SYNTAX ServiceAccessPoint
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchSsapMask specifies the MAC SSAP
mask for this MAC filter entry. use 0 to disable matching by this
criteria. This object has no significance if the object
tmnxMacMafMatchFrameType is not set to 802dot2LLC."
DEFVAL { -1 }
::= { tmnxMacMafMatchEntry 21 }
tmnxMacMafMatchCfmOpCodeOper OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchCfmOpCodeOper specifies which
type of opcode checking is to be performed. If different from none,
more info is provided in the objects tmnxMacMafMatchCfmOpCodeValue1
and tmnxMacMafMatchCfmOpCodeValue2. This object has significance only
if the object tmnxMacMafMatchFrameType refers to either ieee802.1ag or
Y1731."
DEFVAL { none }
::= { tmnxMacMafMatchEntry 22 }
tmnxMacMafMatchCfmOpCodeValue1 OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchCfmOpCodeValue1 specifies a cfm
opcode. The value of this object is used as per the description for
tmnxMacMafMatchCfmOpCodeOper."
DEFVAL { 0 }
::= { tmnxMacMafMatchEntry 23 }
tmnxMacMafMatchCfmOpCodeValue2 OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxMacMafMatchCfmOpCodeValue2 specifies a cfm
opcode. The value of this object is used as per the description for
tmnxMacMafMatchCfmOpCodeOper."
DEFVAL { 0 }
::= { tmnxMacMafMatchEntry 24 }
tmnxMacMafMatchCount OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxMacMafMatchCount indicates the number of times a
management packet has matched this filter entry."
::= { tmnxMacMafMatchEntry 25 }
tmnxPasswordInfo OBJECT IDENTIFIER ::= { tmnxSecurityObjects 5 }
tmnxPasswordAging OBJECT-TYPE
SYNTAX Unsigned32 (1..500 | 65535)
UNITS "Days"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of days a user password is valid before the user must change
his password. If the value of tmnxPasswordAging is set to '65535',
password aging is disabled."
DEFVAL { 65535 }
::= { tmnxPasswordInfo 1 }
tmnxPasswordMinLength OBJECT-TYPE
SYNTAX Unsigned32 (6..50)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The minimum number of characters required in the password.
In addition to the number of characters in the new password, credit
(of +1 in length) will be given for each different kind of character
(uppercase, lowercase, digit or special), thus giving the user the
choice between long simple and shorter but more complex passwords.
The maximum credit that is given for each different type of character
is configured using the tmnxPasswordCreditsLowerCase,
tmnxPasswordCreditsUpperCase, tmnxPasswordCreditsSpecialChar and
tmnxPasswordCreditsNumeric MIB fields.
Setting these 4 fields to 0 will effectively disable passwords
credits."
DEFVAL { 6 }
::= { tmnxPasswordInfo 2 }
tmnxPasswordComplexity OBJECT-TYPE
SYNTAX BITS {
alpha-numeric (0),
mixed-case (1),
special-character (2)
}
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"tmnxPasswordComplexity was made obsolete in 12.0 revision of Nokia
SROS series system. Password complexity is now configured using the
other fields in tmnxPasswordInfo."
DEFVAL { {} }
::= { tmnxPasswordInfo 3 }
tmnxPasswordAttemptsCount OBJECT-TYPE
SYNTAX Unsigned32 (1..64)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The maximum number of unsuccessful login attempts allowed for a user.
The value of tmnxPasswordAttemptsCount is used with the value of
tmnxPasswordAttemptsTime to find out if the user is to be locked out
for tmnxPasswordAttemptsLockoutPeriod."
DEFVAL { 3 }
::= { tmnxPasswordInfo 4 }
tmnxPasswordAttemptsTime OBJECT-TYPE
SYNTAX Unsigned32 (0..60)
UNITS "Minutes"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"This is used in conjunction with tmnxPasswordAttemptsCount to find out
if the user is to be locked out for tmnxPasswordAttemptsLockoutPeriod."
DEFVAL { 5 }
::= { tmnxPasswordInfo 5 }
tmnxPasswordAttemptsLockoutPeriod OBJECT-TYPE
SYNTAX Unsigned32 (0..1440)
UNITS "Minutes"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The number of minutes the user is locked out if the threshold of
unsuccessful login attempts has exceeded."
DEFVAL { 10 }
::= { tmnxPasswordInfo 6 }
tmnxPasswordAuthenOrder1 OBJECT-TYPE
SYNTAX TmnxPasswordAuthenOrder
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The most preferred method to authenticate and authorize a user. If
this method fails, the next method in the sequence identified by
tmnxPasswordAuthenOrder2 is used."
DEFVAL { radius }
::= { tmnxPasswordInfo 7 }
tmnxPasswordAuthenOrder2 OBJECT-TYPE
SYNTAX TmnxPasswordAuthenOrder
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The second method to authenticate and authorize a user."
DEFVAL { tacplus }
::= { tmnxPasswordInfo 8 }
tmnxPasswordAuthenOrder3 OBJECT-TYPE
SYNTAX TmnxPasswordAuthenOrder
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The third preferred method to authenticate and authorize a user."
DEFVAL { ldap }
::= { tmnxPasswordInfo 9 }
tmnxPasswordAuthenExitOnReject OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"If the value of tmnxPasswordAuthenExitOnReject is set to 'true' and if
one of the AAA methods configured in tmnxPasswordAuthenOrder1,
tmnxPasswordAuthenOrder2, tmnxPasswordAuthenOrder3,
tmnxPasswordAuthenOrder4 sends a reject, then the next method in the
order will not be tried. If the value of this object is set to 'false'
and if one AAA method sends a reject, the next AAA method will be
attempted. If in this process, all the AAA methods are exhausted, it
will be considered as a reject."
DEFVAL { false }
::= { tmnxPasswordInfo 10 }
tmnxAdminPassword OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..129))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxAdminPassword is used to configure the password which enables a
user to become a system administrator.
tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates
whether or not the password string is encrypted, must be set together
in the same SNMP request PDU or else the set request will fail with an
inconsistentValue error.
The value of tmnxAdminPassword cannot be more than 56 characters when
the value of tmnxAdminPasswordEncrypted is 'false'.
A get request on this object always returns an empty string."
DEFVAL { ''H }
::= { tmnxPasswordInfo 11 }
tmnxAdminPasswordEncrypted OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When the value of tmnxAdminPasswordEncrypted is 'true', the password
specified by tmnxAdminPassword is in the encrypted form.
When the value of tmnxAdminPasswordEncrypted is 'false', the password
specified by tmnxAdminPassword is in plain text.
tmnxAdminPassword and tmnxAdminPasswordEncrypted, which indicates
whether or not the password string is encrypted, must be set together
in the same SNMP request PDU or else the set request will fail with an
inconsistentValue error."
DEFVAL { true }
::= { tmnxPasswordInfo 12 }
tmnxPasswordHealthCheck OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When the value of tmnxPasswordHealthCheck is 'true', the Radius
servers configured in tmnxRadiusServerTable and the 'TacPlus' servers
configured in tmnxTacPlusServerTable will be periodically monitored.
Each server will be contacted every 30 seconds. If in this process a
server is found to be unreachable, or a previously unreachable server
starts responding, based on the type of the server, a
TIMETRA-SYSTEM-MIB:radiusServerOperStatusChange or a
TIMETRA-SYSTEM-MIB:tacplusServerOperStatusChange trap will be sent.
When the value of tmnxPasswordHealthCheck is 'false', periodic
monitoring of the Radius and Tacplus servers is disabled."
DEFVAL { true }
::= { tmnxPasswordInfo 13 }
tmnxPasswordHealthCheckInterval OBJECT-TYPE
SYNTAX Unsigned32 (6..1500)
UNITS "seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordHealthCheckInterval specifies the polling
interval for Radius servers configured in tmnxRadiusServerTable and
the 'TacPlus' servers configured in tmnxTacPlusServerTable."
DEFVAL { 30 }
::= { tmnxPasswordInfo 14 }
tmnxDynSvcPassword OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..60))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxDynSvcPassword is used to configure the password which enables
manual modification of dynamic services.
The password can be provided both as a plain text string, or as a
bcrypt encrypted hash.
The value of tmnxDynSvcPassword cannot be more than 56 characters if
it is a plain text string.
A get request on this object always returns an empty string."
DEFVAL { ''H }
::= { tmnxPasswordInfo 15 }
tmnxTacPlusEnableAdminPrivLvl OBJECT-TYPE
SYNTAX Integer32 (-1 | 0..15)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxTacPlusEnableAdminPrivLvl specifies the privilege
level used when sending a TACACS+ ENABLE request.
When the value of tmnxTacPlusAuthorization is 'true(1)' and the value
of tmnxTacPlusAuthorUsePrivLvl is 'true(1)' and the value of
tmnxTacPlusInteractiveAuthen is 'true(1)', a TACACS+ authentication
request for the ENABLE service with this configured privilege level is
used instead of requesting tmnxAdminPassword when the user wants to
become a system administrator."
DEFVAL { -1 }
::= { tmnxPasswordInfo 16 }
tmnxPasswordHistory OBJECT-TYPE
SYNTAX Unsigned32 (0..20)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordHistory specifies the number of old passwords
of the user that will be remembered. A new password must not be the
same as any remembered old password.
A value of zero (0) indicates no password history will be kept,
meaning a new password will only be matched against the current user
password."
DEFVAL { 0 }
::= { tmnxPasswordInfo 17 }
tmnxPasswordMinChange OBJECT-TYPE
SYNTAX Unsigned32 (1..20)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordMinChange specifies the minimum number of
characters in the new password that must not be present in the old
password. This is calculated using the Levenshtein distance algorithm.
In addition, if 1/2 of the characters in the new password are
different then the new password will be accepted anyway."
DEFVAL { 5 }
::= { tmnxPasswordInfo 18 }
tmnxPasswordMinAge OBJECT-TYPE
SYNTAX Unsigned32 (0..86400)
UNITS "Seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordMinAge specifies the number of seconds
required between two consecutive password changes.
Among other this will prevent the user from flooding the password
history in an attempt to reuse his current password."
DEFVAL { 600 }
::= { tmnxPasswordInfo 19 }
tmnxPasswordAllowUserName OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordAllowUserName specifies if the new password
will be allowed if it contains the user name in some form."
DEFVAL { false }
::= { tmnxPasswordInfo 20 }
tmnxPasswordMaxRepeatedChars OBJECT-TYPE
SYNTAX Unsigned32 (0 | 2..8)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordMaxRepeatedChars specifies the maximum number
of times the same character can be used consecutively in the password.
A value of zero (0) indicates this check is disabled."
DEFVAL { 0 }
::= { tmnxPasswordInfo 21 }
tmnxPasswordCreditsLowerCase OBJECT-TYPE
SYNTAX Unsigned32 (0..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordCreditsLowerCase specifies the maximum credit
for having lowercase characters in your password. Please see
tmnxPasswordMinLength for an explanation of how password credits work.
A value of zero (0) indicates no credits will be given for having
lowercase characters in your password.
This field can only be set to non-zero if tmnxPasswordReqLowerCase,
tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and
tmnxPasswordReqNumeric are all set to zero."
DEFVAL { 0 }
::= { tmnxPasswordInfo 22 }
tmnxPasswordCreditsUpperCase OBJECT-TYPE
SYNTAX Unsigned32 (0..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordCreditsUpperCase specifies the maximum credit
for having uppercase characters in your password. Please see
tmnxPasswordMinLength for an explanation of how password credits work.
A value of zero (0) indicates no credits will be given for having
uppercase characters in your password.
This field can only be set to non-zero if tmnxPasswordReqLowerCase,
tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and
tmnxPasswordReqNumeric are all set to zero."
DEFVAL { 0 }
::= { tmnxPasswordInfo 23 }
tmnxPasswordCreditsNumeric OBJECT-TYPE
SYNTAX Unsigned32 (0..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordCreditsNumeric specifies the maximum credit
for having digits in your password. Please see tmnxPasswordMinLength
for an explanation of how password credits work.
A value of zero (0) indicates no credits will be given for having
digits in your password.
This field can only be set to non-zero if tmnxPasswordReqLowerCase,
tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and
tmnxPasswordReqNumeric are all set to zero."
DEFVAL { 0 }
::= { tmnxPasswordInfo 24 }
tmnxPasswordCreditsSpecialChar OBJECT-TYPE
SYNTAX Unsigned32 (0..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordCreditsSpecialChar specifies the maximum
credit for having special characters in your password. Please see
tmnxPasswordMinLength for an explanation of how password credits work.
A value of zero (0) indicates no credits will be given for having
special characters in your password.
This field can only be set to non-zero if tmnxPasswordReqLowerCase,
tmnxPasswordReqUpperCase, tmnxPasswordReqSpecialChar and
tmnxPasswordReqNumeric are all set to zero."
DEFVAL { 0 }
::= { tmnxPasswordInfo 25 }
tmnxPasswordReqLowerCase OBJECT-TYPE
SYNTAX Unsigned32 (0..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordReqLowerCase specifies the minimum number of
lowercase characters that must be present in your password.
A value of zero (0) indicates no lowercase characters are required.
This field can only be set to non-zero if
tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase,
tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all
set to zero."
DEFVAL { 0 }
::= { tmnxPasswordInfo 26 }
tmnxPasswordReqUpperCase OBJECT-TYPE
SYNTAX Unsigned32 (0..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordReqUpperCase specifies the minimum number of
uppercase characters that must be present in your password.
A value of zero (0) indicates no uppercase characters are required.
This field can only be set to non-zero if
tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase,
tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all
set to zero."
DEFVAL { 0 }
::= { tmnxPasswordInfo 27 }
tmnxPasswordReqNumeric OBJECT-TYPE
SYNTAX Unsigned32 (0..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordReqNumeric specifies the minimum number of
digits that must be present in your password.
A value of zero (0) indicates no digits are required.
This field can only be set to non-zero if
tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase,
tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all
set to zero."
DEFVAL { 0 }
::= { tmnxPasswordInfo 28 }
tmnxPasswordReqSpecialChar OBJECT-TYPE
SYNTAX Unsigned32 (0..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordReqSpecialChar specifies the minimum number
of special characters that must be present in your password.
A value of zero (0) indicates no digits are required.
This field can only be set to non-zero if
tmnxPasswordCreditsLowerCase, tmnxPasswordCreditsUpperCase,
tmnxPasswordCreditsSpecialChar and tmnxPasswordCreditsNumeric are all
set to zero."
DEFVAL { 0 }
::= { tmnxPasswordInfo 29 }
tmnxPasswordReqNumCharClass OBJECT-TYPE
SYNTAX Unsigned32 (0 | 2..4)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPasswordReqNumCharClass specifies the minimum number
of distinct kind of characters (uppercase, lowercase, digit or
special) that must be present in your password.
A value of zero (0) indicates this check is disabled."
DEFVAL { 0 }
::= { tmnxPasswordInfo 30 }
tmnxVsdPassword OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..60))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxVsdPassword is used to configure the password which enables
manual modification of VSD services.
The password can be provided both as a plain text string, or as a
bcrypt encrypted hash.
The value of tmnxVsdPassword cannot be more than 56 characters if it
is a plain text string.
A get request on this object always returns an empty string."
DEFVAL { "" }
::= { tmnxPasswordInfo 31 }
tmnxPasswordAuthenOrder4 OBJECT-TYPE
SYNTAX TmnxPasswordAuthenOrder
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The least preferred method to authenticate and authorize a user."
DEFVAL { local }
::= { tmnxPasswordInfo 32 }
tmnxRadiusInfo OBJECT IDENTIFIER ::= { tmnxSecurityObjects 6 }
tmnxRadiusAdminStatus OBJECT-TYPE
SYNTAX TmnxAdminStateUpDown
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The desired administrative status of the RADIUS protocol operation."
DEFVAL { up }
::= { tmnxRadiusInfo 1 }
tmnxRadiusAccounting OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When the value of tmnxRadiusAccounting is set to 'TRUE', RADIUS
command accounting is enabled."
DEFVAL { false }
::= { tmnxRadiusInfo 2 }
tmnxRadiusAuthorization OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When the value of tmnxRadiusAuthorization is set to 'TRUE', RADIUS
command authorization is enabled."
DEFVAL { false }
::= { tmnxRadiusInfo 3 }
tmnxRadiusRetryAttempts OBJECT-TYPE
SYNTAX Unsigned32 (1..10)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of attempts to retry contacting the RADIUS server."
DEFVAL { 3 }
::= { tmnxRadiusInfo 4 }
tmnxRadiusTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..90)
UNITS "Seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of seconds to wait before timing out a RADIUS server."
DEFVAL { 3 }
::= { tmnxRadiusInfo 5 }
tmnxRadiusPort OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The UDP port number on which to contact the RADIUS server."
DEFVAL { 1812 }
::= { tmnxRadiusInfo 6 }
tmnxRadiusServerTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxRadiusServerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxRadiusServerEntry has an entry for each RADIUS server. The
table can have up to a maximum of 5 entries."
::= { tmnxRadiusInfo 7 }
tmnxRadiusServerEntry OBJECT-TYPE
SYNTAX TmnxRadiusServerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxRadiusServerEntry is an entry (conceptual row) in the
tmnxRadiusServerTable. Each entry represents the configuration for a
RADIUS server.
Entries in this table can be created and deleted via SNMP SET
operations to tmnxRadiusServerRowStatus."
INDEX { tmnxRadiusServerIndex }
::= { tmnxRadiusServerTable 1 }
TmnxRadiusServerEntry ::= SEQUENCE
{
tmnxRadiusServerIndex Unsigned32,
tmnxRadiusServerAddress IpAddress,
tmnxRadiusServerSecret OCTET STRING,
tmnxRadiusServerOperStatus INTEGER,
tmnxRadiusServerRowStatus RowStatus,
tmnxRadiusServerInetAddressType InetAddressType,
tmnxRadiusServerInetAddress InetAddress
}
tmnxRadiusServerIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..5)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The unique value which identifies a specific Radius server."
::= { tmnxRadiusServerEntry 1 }
tmnxRadiusServerAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The IP address of the RADIUS server.
tmnxRadiusServerAddress was made obsolete in 5.0 revision of
Nokia SROS series system. Radius servers are now
configured using tmnxRadiusServerInetAddress and
tmnxRadiusServerInetAddressType objects."
::= { tmnxRadiusServerEntry 2 }
tmnxRadiusServerSecret OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The secret key associated with the RADIUS server. The value returned
by tmnxRadiusServerSecret is always an empty string.
The value of tmnxRadiusServerSecret cannot be set to an empty string."
::= { tmnxRadiusServerEntry 3 }
tmnxRadiusServerOperStatus OBJECT-TYPE
SYNTAX INTEGER {
up (1),
down (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Current status of the RADIUS server."
::= { tmnxRadiusServerEntry 4 }
tmnxRadiusServerRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"tmnxRadiusServerRowStatus controls the creation and deletion of rows
in the table.
To create a row in the tmnxRadiusServerTable, set
tmnxRadiusServerRowStatus to createAndGo(4). Objects
tmnxRadiusServerSecret, tmnxRadiusServerInetAddressType, and
tmnxRadiusServerInetAddress must also be set at creation time.
To delete a row in the tmnxRadiusServerTable, set
tmnxRadiusServerRowStatus to delete(6)."
::= { tmnxRadiusServerEntry 5 }
tmnxRadiusServerInetAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxRadiusServerInetAddressType specifies the address
type of tmnxRadiusServerInetAddress address.
The value of tmnxRadiusServerInetAddressType can be either of
InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or
InetAddressType - 'ipv6z'."
::= { tmnxRadiusServerEntry 6 }
tmnxRadiusServerInetAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxRadiusServerInetAddress specifies the address of the
Radius server."
::= { tmnxRadiusServerEntry 7 }
tmnxRadiusSourceAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"tmnxRadiusSourceAddress is used to configure the source address of the
Radius packet. It should be a valid unicast address.
If this object is configured with the address of the router interface,
the Radius client uses it while making a request to the server.
If the address is not configured or is not the address of the one of
interfaces, the source address is based on the address of the Radius
server. If the server address is in-band, the client uses the system
ip address. If it is out-of-band, the source address is the address of
the management interface.
tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of
Nokia SROS series systems. The source address of the Radius
packet can now be set by creating a tmnxSourceIPEntry for Radius
application in the tmnxSourceIPTable."
DEFVAL { '00000000'H }
::= { tmnxRadiusInfo 8 }
tmnxRadiusConfigured OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"When the value of tmnxRadiusConfigured is set to 'false', all the
Radius objects under the tmnxRadiusInfo tree will be set to their
default values and all the rows in the tmnxRadiusServerTable will be
removed. The value of this object will be set to 'true' if non-default
values are set to the Radius objects.
This object has been obsoleted in release 14.0 R1."
DEFVAL { false }
::= { tmnxRadiusInfo 9 }
tmnxRadiusPEDiscovery OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"The value of tmnxRadiusPEDiscovery specifies whether RADIUS provider
edge discovery is enabled for VPLS services.
This object was made obsolete in release 5.0."
DEFVAL { false }
::= { tmnxRadiusInfo 10 }
tmnxRadiusPEDiscoveryPassword OBJECT-TYPE
SYNTAX OCTET STRING
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"The value of tmnxRadiusPEDiscoveryPassword is used when contacting the
RADIUS server for VPLS auto-discovery.
This object was made obsolete in release 5.0."
DEFVAL { ''H }
::= { tmnxRadiusInfo 11 }
tmnxRadiusPEDiscoveryInterval OBJECT-TYPE
SYNTAX Unsigned32 (1..30)
UNITS "minutes"
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"The value of tmnxRadiusPEDiscoveryInterval specifies the polling
interval for Radius PE discovery in minutes.
This object was made obsolete in release 5.0."
DEFVAL { 5 }
::= { tmnxRadiusInfo 12 }
tmnxRadiusPEForceDiscovery OBJECT-TYPE
SYNTAX TmnxActionType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When tmnxRadiusPEForceDiscovery is set to 'doAction', the RADIUS
server is immediately contacted to attempt discovery."
DEFVAL { notApplicable }
::= { tmnxRadiusInfo 13 }
tmnxRadiusPEForceDiscoverySvcId OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxRadiusPEForceDiscoverySvcId specifies a specific
service ID to query the RADIUS server about.
Reading this object returns the value 0."
DEFVAL { 0 }
::= { tmnxRadiusInfo 14 }
tmnxRadiusAccountingPort OBJECT-TYPE
SYNTAX Unsigned32 (1..65535)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The UDP port number on which to contact the RADIUS server for
accounting requests."
DEFVAL { 1813 }
::= { tmnxRadiusInfo 15 }
tmnxRadiusUseTemplate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxRadiusUseTemplate specifies whether the RADIUS user
template is actively applied to the RADIUS user if no VSAs are
returned with the auth-accept from the RADIUS server. When the value
of tmnxRadiusUseTemplate is set to 'TRUE', the RADIUS user template is
actively applied if no VSAs are returned with the auth-accept from the
RADIUS server."
DEFVAL { false }
::= { tmnxRadiusInfo 16 }
tmnxRadiusAuthAlgorithm OBJECT-TYPE
SYNTAX TmnxSecRadiusServAlgorithm
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxRadiusAuthAlgorithm specifies the algorithm used to
select a RADIUS server from the list of configured servers
(tmnxRadiusServerTable)."
DEFVAL { direct }
::= { tmnxRadiusInfo 17 }
tmnxRadiusUserStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxRadiusUserStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxRadiusUserStatsTable is the Radius server statistics per user
using specific policy.
Entries are created and deleted by the system."
::= { tmnxRadiusInfo 18 }
tmnxRadiusUserStatsEntry OBJECT-TYPE
SYNTAX TmnxRadiusUserStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about Radius server statistics per user per policy."
INDEX {
tmnxUserName,
tmnxRadiusPolicyName,
tmnxRadiusUserServerIndex
}
::= { tmnxRadiusUserStatsTable 1 }
TmnxRadiusUserStatsEntry ::= SEQUENCE
{
tmnxRadiusPolicyName TNamedItem,
tmnxRadiusUserServerIndex Unsigned32,
tmnxRadiusUserReqTx Counter32,
tmnxRadiusUserReqRx Counter32,
tmnxRadiusUserOpenFail Counter32,
tmnxRadiusUserBindFail Counter32,
tmnxRadiusUserSendFail Counter32,
tmnxRadiusUserRecvFail Counter32,
tmnxRadiusUserSendTimeout Counter32,
tmnxRadiusUserLoginPass Counter32,
tmnxRadiusUserLoginFail Counter32,
tmnxRadiusUserMd5Fail Counter32,
tmnxRadiusUserPending Counter32,
tmnxRadiusUserAcctReqTx Counter32,
tmnxRadiusUserAcctRejRx Counter32,
tmnxRadiusUserAcctConnError Counter32,
tmnxRadiusUserAccChallengePkt Counter32,
tmnxRadiusUserAuthAvgDelay Gauge32,
tmnxRadiusUserAcctAvgDelay Gauge32
}
tmnxRadiusPolicyName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxRadiusPolicyName indicates the policy name used by the user to
access the Radius server."
::= { tmnxRadiusUserStatsEntry 1 }
tmnxRadiusUserServerIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..16)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the tmnxRadiusUserServerIndex identifies a specific
Radius server."
::= { tmnxRadiusUserStatsEntry 2 }
tmnxRadiusUserReqTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserReqTx indicates the number of requests sent to the
Radius server from the user using this policy."
::= { tmnxRadiusUserStatsEntry 3 }
tmnxRadiusUserReqRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserReqRx indicates the number of requests received by
the Radius server by the user using this policy."
::= { tmnxRadiusUserStatsEntry 4 }
tmnxRadiusUserOpenFail OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserOpenFail indicates the number of socket open
failures to the Radius server."
::= { tmnxRadiusUserStatsEntry 5 }
tmnxRadiusUserBindFail OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserBindFail indicates the number of socket bind
failures to the Radius server."
::= { tmnxRadiusUserStatsEntry 6 }
tmnxRadiusUserSendFail OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserSendFail indicates the number of socket send
failures to the Radius server."
::= { tmnxRadiusUserStatsEntry 7 }
tmnxRadiusUserRecvFail OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserRecvFail indicates the number of socket receive
failures to the Radius server."
::= { tmnxRadiusUserStatsEntry 8 }
tmnxRadiusUserSendTimeout OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserSendTimeout indicates the number of sends which
timed out waiting for reply from the Radius server."
::= { tmnxRadiusUserStatsEntry 9 }
tmnxRadiusUserLoginPass OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserLoginPass indicates the number of authentication
succeeded for the user using this policy to the Radius server."
::= { tmnxRadiusUserStatsEntry 10 }
tmnxRadiusUserLoginFail OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserLoginFail indicates the number of authentication
failed for the user using this policy to the Radius server."
::= { tmnxRadiusUserStatsEntry 11 }
tmnxRadiusUserMd5Fail OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserMd5Fail indicates the number of times authentication
failed due to MD5 for the user using this policy to the Radius server."
::= { tmnxRadiusUserStatsEntry 12 }
tmnxRadiusUserPending OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserPending indicates the number of requests pending for
the user using this policy to the Radius server."
::= { tmnxRadiusUserStatsEntry 13 }
tmnxRadiusUserAcctReqTx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserAcctReqTx indicates the number of accounting
requests for the user using this policy to the Radius server."
::= { tmnxRadiusUserStatsEntry 14 }
tmnxRadiusUserAcctRejRx OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserAcctRejRx indicates the number of accounting
rejections received for the user using this policy to the Radius
server."
::= { tmnxRadiusUserStatsEntry 15 }
tmnxRadiusUserAcctConnError OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserAcctConnError indicates the number of accounting
connection failures for the user using this policy to the Radius
server."
::= { tmnxRadiusUserStatsEntry 16 }
tmnxRadiusUserAccChallengePkt OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserAccChallengePkt indicates the number of packets
which challenged access to the user account from the Radius server."
::= { tmnxRadiusUserStatsEntry 17 }
tmnxRadiusUserAuthAvgDelay OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserAuthAvgDelay indicates the average response delay of
the last 10 authentication packets."
::= { tmnxRadiusUserStatsEntry 18 }
tmnxRadiusUserAcctAvgDelay OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxRadiusUserAcctAvgDelay indicates the average response delay of
the last 10 accounting packets."
::= { tmnxRadiusUserStatsEntry 19 }
tmnxRadiusInteractiveAuthen OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxRadiusInteractiveAuthen specifies whether
challenge/response authentication is enabled.
If the value of this object is set to 'true(1)', the Reply-Message
from the Access-Challenge packet is displayed, and the User-Password
in the new Access-Request packet contains the response of the user.
If the value of this object is set to 'false(2)', challenge/response
authentication is disabled."
DEFVAL { false }
::= { tmnxRadiusInfo 19 }
tmnxTacPlusInfo OBJECT IDENTIFIER ::= { tmnxSecurityObjects 7 }
tmnxTacPlusAdminStatus OBJECT-TYPE
SYNTAX INTEGER {
up (1),
down (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The desired administrative status of the Tacacs+ protocol operation."
DEFVAL { up }
::= { tmnxTacPlusInfo 1 }
tmnxTacPlusTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..90)
UNITS "Seconds"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"Number of seconds to wait before timing out a Tacacs+ server."
DEFVAL { 3 }
::= { tmnxTacPlusInfo 2 }
tmnxTacPlusServerTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxTacPlusServerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxTacPlusServerEntry has an entry for each Tacacs+ server. The
table can have up to a maximum of 5 entries."
::= { tmnxTacPlusInfo 3 }
tmnxTacPlusServerEntry OBJECT-TYPE
SYNTAX TmnxTacPlusServerEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxTacPlusServerEntry is an entry (conceptual row) in the
tmnxTacPlusServerTable. Each entry represents the configuration for a
Tacacs+ server. Entries in this table can be created and deleted via
SNMP SET operations to tmnxTacPlusServerRowStatus."
INDEX { tmnxTacPlusServerIndex }
::= { tmnxTacPlusServerTable 1 }
TmnxTacPlusServerEntry ::= SEQUENCE
{
tmnxTacPlusServerIndex Unsigned32,
tmnxTacPlusServerAddress IpAddress,
tmnxTacPlusServerSecret OCTET STRING,
tmnxTacPlusServerRowStatus RowStatus,
tmnxTacPlusServerOperStatus INTEGER,
tmnxTacPlusServerInetAddressType InetAddressType,
tmnxTacPlusServerInetAddress InetAddress,
tmnxTacPlusServerPort TTcpUdpPort
}
tmnxTacPlusServerIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..5)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The unique value which identifies a specific Tacacs+ server."
::= { tmnxTacPlusServerEntry 1 }
tmnxTacPlusServerAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS obsolete
DESCRIPTION
"The IP address of the Tacacs+ server.
tmnxTacPlusServerAddress was made obsolete in 5.0 revision of Nokia
SROS series system. Tacacs+ servers are now configured using
tmnxTacPlusServerInetAddress and tmnxTacPlusServerInetAddressType
objects."
::= { tmnxTacPlusServerEntry 2 }
tmnxTacPlusServerSecret OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..128))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The secret key associated with the Tacacs+ server. The value returned
by tmnxTacPlusServerSecret is always an empty string.
The value of tmnxTacPlusServerSecret cannot be set to an empty string."
::= { tmnxTacPlusServerEntry 3 }
tmnxTacPlusServerRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"tmnxTacPlusServerRowStatus controls the creation and deletion of rows
in the table.
To create a row in the tmnxTacPlusServerTable, set
tmnxTacPlusServerRowStatus to createAndGo(4). Objects
tmnxTacPlusServerSecret, tmnxTacPlusServerInetAddressType, and
tmnxTacPlusServerInetAddress must also be set at creation time.
To delete a row in the tmnxTacPlusServerTable, set
tmnxTacPlusServerRowStatus to delete(6)."
::= { tmnxTacPlusServerEntry 4 }
tmnxTacPlusServerOperStatus OBJECT-TYPE
SYNTAX INTEGER {
up (1),
down (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"tmnxTacPlusServerOperStatus indicates the operational status of the
TACACS+ server."
::= { tmnxTacPlusServerEntry 5 }
tmnxTacPlusServerInetAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxTacPlusServerInetAddressType specifies the address
type of tmnxTacPlusServerInetAddress address.
The value of tmnxTacPlusServerInetAddressType can be either of
InetAddressType - 'ipv4' or InetAddressType - 'ipv6' or
InetAddressType - 'ipv6z'."
::= { tmnxTacPlusServerEntry 6 }
tmnxTacPlusServerInetAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16|20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxTacPlusServerInetAddress specifies the address of the
Tacplus server."
::= { tmnxTacPlusServerEntry 7 }
tmnxTacPlusServerPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxTacPlusServerPort specifies the TCP port on which to
contact the Tacplus server."
DEFVAL { 49 }
::= { tmnxTacPlusServerEntry 8 }
tmnxTacPlusAccounting OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When the value of tmnxTacPlusAccounting is set to 'TRUE', TACACS+
command accounting is enabled."
DEFVAL { false }
::= { tmnxTacPlusInfo 4 }
tmnxTacPlusAcctRecType OBJECT-TYPE
SYNTAX INTEGER {
startStop (1),
stopOnly (2)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxTacPlusAcctRecType is used to configure the type of accounting
record packet that is to be sent to the TACACS+ server. The value
indicates whether TACACS+ accounting start and stop packets be sent or
just stop packets be sent. TACACS+ start packet is sent whenever the
user executes a command. A stop packet is sent whenever the command
execution is complete. The default value for this object is
'stopOnly'."
DEFVAL { stopOnly }
::= { tmnxTacPlusInfo 5 }
tmnxTacPlusAuthorization OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When the value of tmnxTacPlusAuthorization is set to 'TRUE', TACACS+
command authorization is enabled."
DEFVAL { false }
::= { tmnxTacPlusInfo 6 }
tmnxTacPlusSingleConnection OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"When the value of tmnxTacPlusSingleConnection is set to 'TRUE', a
single connection is established with the TACACS+ server. The
connection is kept open and is used by all the TELNET/SSH/FTP sessions
for AAA operations.
This object is obsoleted in release 8.0."
DEFVAL { false }
::= { tmnxTacPlusInfo 7 }
tmnxTacPlusSourceAddress OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"tmnxTacPlusSourceAddress is used to configure the source address of
the TACACS+ packet. It should be a valid unicast address.
If this object is configured with the address of the router interface,
the TACACS+ client uses it while making a request to the server.
If the address is not configured or is not the address of the one of
interfaces, the source address is based on the address of the TACACS+
server. If the server address is in-band, the client uses the system
ip address as the source address. If it is out-of-band, the source
address is the address of the management interface.
tmnxRadiusSourceAddress was made obsolete in the 4.0 revision of Nokia
SROS series systems. The source address of the TACACS+ packet can now
be set by creating a tmnxSourceIPEntry for TACACS+ application in the
tmnxSourceIPTable."
DEFVAL { '00000000'H }
::= { tmnxTacPlusInfo 8 }
tmnxTacPlusConfigured OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS obsolete
DESCRIPTION
"When the value of tmnxTacPlusConfigured is set to 'false', all the
Tacplus objects under the tmnxTacPlusInfo tree will be set to their
default values and all the rows in the tmnxTacPlusServerTable will be
removed. The value of this object will be set to 'true' if non-default
values are set to the 'TacPlus' objects.
This object has been obsoleted in release 14.0 R1."
DEFVAL { false }
::= { tmnxTacPlusInfo 9 }
tmnxTacplusUseTemplate OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxTacplusUseTemplate specifies whether the TACACS+ user
template is actively applied to the TACACS+ user. When the value of
tmnxTacplusUseTemplate is set to 'true(1)', the TACACS+ user template
is actively applied."
DEFVAL { true }
::= { tmnxTacPlusInfo 10 }
tmnxTacPlusInteractiveAuthen OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxTacPlusInteractiveAuthen specifies whether
interactive authentication is enabled.
If the value of this object is set to 'true(1)', no username nor
password is sent in the TACACS+ authentication START message, and the
server_msg in the TAC_PLUS_AUTHEN_STATUS_GETUSER and
TAC_PLUS_AUTHEN_STATUS_GETPASS authentication REPLY messages from the
TACACS+ server are displayed. The server_msg may contain an S/Key for
one-time password operation.
If the value of this object is set to 'false(2)', the username and
password are sent in the TACACS+ authentication START message."
DEFVAL { false }
::= { tmnxTacPlusInfo 11 }
tmnxTacPlusAuthorUsePrivLvl OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxTacPlusAuthorUsePrivLvl specifies whether the
privilege level mapping is used.
When the value of tmnxTacPlusAuthorization is 'true(1)' and the value
of tmnxTacPlusAuthorUsePrivLvl is 'true(1)', the value of attribute
'priv-lvl' in the TACACS+ authorization RESPONSE packet is mapped to
the user profile defined in tmnxTacPlusPrivLvlMapTable. That user
profile is used for authorization."
DEFVAL { false }
::= { tmnxTacPlusInfo 12 }
tmnxServerCtlObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 8 }
tmnxEnableServers OBJECT-TYPE
SYNTAX BITS {
telnet (0),
ssh (1),
ftp (2),
telnet6 (3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxEnableServers is used to enable/disable telnet, SSH, FTP, and
telnet v6 servers running on the system. By default, at system
startup, only SSH server will be enabled."
DEFVAL { {ssh} }
::= { tmnxServerCtlObjs 1 }
tmnxTelnetServerOperStatus OBJECT-TYPE
SYNTAX TmnxOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"tmnxTelnetServerOperStatus indicates the operational status of the
telnet server. If the value of this object changes, a generic trap
TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
::= { tmnxServerCtlObjs 2 }
tmnxSSHServerOperStatus OBJECT-TYPE
SYNTAX TmnxOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"tmnxSSHServerOperStatus indicates the operational status of the SSH
server. If the value of this object changes, a generic trap
TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
::= { tmnxServerCtlObjs 3 }
tmnxFTPServerOperStatus OBJECT-TYPE
SYNTAX TmnxOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"tmnxFTPServerOperStatus indicates the operational status of the FTP
server. If the value of this object changes, a generic trap
TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
::= { tmnxServerCtlObjs 4 }
tmnxTelnet6ServerOperStatus OBJECT-TYPE
SYNTAX TmnxOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxTelnet6ServerOperStatus indicates the operational
status of the IPv6 telnet server. If the value of this object changes,
a generic trap TIMETRA-SYSTEM-MIB:tmnxStateChange will be sent."
::= { tmnxServerCtlObjs 5 }
tmnxCpmSecurityObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 9 }
tmnxCpmPerPeerQueuing OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When tmnxCpmPerPeerQueuing is set to 'true', CPM hardware queuing
per peer is enabled. This means that when a peering session is
established, the router will automatically allocate a separate
CPM hardware queue for that peer. When tmnxCpmPerPeerQueuing is
set to 'false', CPM hardware queuing per peer is disabled.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
DEFVAL { false }
::= { tmnxCpmSecurityObjs 1 }
tmnxCpmQueuesTotal OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmQueuesTotal indicates the total number of CPM
hardware queues.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 2 }
tmnxCpmQueuesInUse OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmQueuesInUse indicates the number of CPM hardware
queues that are in use.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 3 }
tCpmFilterQueueTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmFilterQueueEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmFilterQueueTable has an entry for each CPM filter queue
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 4 }
tCpmFilterQueueEntry OBJECT-TYPE
SYNTAX TCpmFilterQueueEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents a particular CPM Filter Queue. Entries are
created/deleted by user. Entries have a presumed StorageType of
nonVolatile."
INDEX { tCpmFilterQueueId }
::= { tCpmFilterQueueTable 1 }
TCpmFilterQueueEntry ::= SEQUENCE
{
tCpmFilterQueueId TCpmFilterQueueId,
tCpmFilterQueueRowStatus RowStatus,
tCpmFilterQueueLastChanged TimeStamp,
tCpmFilterQueueAdminPIR TPIRRate,
tCpmFilterQueueAdminCIR TCIRRate,
tCpmFilterQueueCBS TCpmFilterBurstSize,
tCpmFilterQueueMBS TCpmFilterBurstSize,
tCpmFilterQueueReferences Unsigned32,
tCpmFilterQueueOperPIR TPIRRateOrZero,
tCpmFilterQueueOperCIR TCIRRate
}
tCpmFilterQueueId OBJECT-TYPE
SYNTAX TCpmFilterQueueId (33..2000)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueId is used to index into the
tCpmFilterQueueTable. It uniquely identifies a CPM Queue as configured
on this system."
::= { tCpmFilterQueueEntry 1 }
tCpmFilterQueueRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueRowStatus specifies the row status. It
allows entries to be created or deleted in the tCpmFilterQueueEntry
table."
::= { tCpmFilterQueueEntry 2 }
tCpmFilterQueueLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueLastChanged indicates the timestamp of the
last change to this row in tCpmFilterQueueTable."
::= { tCpmFilterQueueEntry 3 }
tCpmFilterQueueAdminPIR OBJECT-TYPE
SYNTAX TPIRRate
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueAdminPIR specifies the Peak Information
Rate associated with this queue.
This object can only be set to 1 or -1, when the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
DEFVAL { -1 }
::= { tCpmFilterQueueEntry 4 }
tCpmFilterQueueAdminCIR OBJECT-TYPE
SYNTAX TCIRRate
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueAdminCIR specifies the Committed
Information Rate associated with this queue.
This object cannot be set when the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
DEFVAL { -1 }
::= { tCpmFilterQueueEntry 5 }
tCpmFilterQueueCBS OBJECT-TYPE
SYNTAX TCpmFilterBurstSize
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueCBS specifies the Committed Burst Excess
associated with this queue.
This object cannot be set when the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '8'."
DEFVAL { -1 }
::= { tCpmFilterQueueEntry 6 }
tCpmFilterQueueMBS OBJECT-TYPE
SYNTAX TCpmFilterBurstSize
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueMBS specifies the Maximum Burst Size
associated with this queue."
DEFVAL { -1 }
::= { tCpmFilterQueueEntry 7 }
tCpmFilterQueueReferences OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueReferences indicates the count of filter
entries using this particular queue to forward traffic to the main
CPU."
::= { tCpmFilterQueueEntry 8 }
tCpmFilterQueueOperPIR OBJECT-TYPE
SYNTAX TPIRRateOrZero
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueOperPIR indicates the operational value of
the Peak Information Rate associated with this queue. This value can
be zero if the queue is not instantiated."
::= { tCpmFilterQueueEntry 9 }
tCpmFilterQueueOperCIR OBJECT-TYPE
SYNTAX TCIRRate
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQueueOperCIR indicates the operational value of
the Committed Information Rate associated with this queue."
::= { tCpmFilterQueueEntry 10 }
tmnxCpmHwFilterObjs OBJECT IDENTIFIER ::= { tmnxCpmSecurityObjs 5 }
tCpmFilterDefaultAction OBJECT-TYPE
SYNTAX TCpmFilterActionOrDefault { drop (1), forward (2) }
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tCpmFilterDefaultAction specifies the action to take for
packets that do not match any filter entries.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
DEFVAL { forward }
::= { tmnxCpmHwFilterObjs 1 }
tCpmIpFilterAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tCpmIpFilterAdminState specifies the administrative state
of the CPM IPv4 filter.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
DEFVAL { outOfService }
::= { tmnxCpmHwFilterObjs 2 }
tCpmIPv6FilterAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterAdminState specifies the administrative
state of the CPM IPv6 filter.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
DEFVAL { outOfService }
::= { tmnxCpmHwFilterObjs 3 }
tCpmMacFilterAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tCpmMacFilterAdminState specifies the administrative
state of the CPM Mac filter.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
DEFVAL { outOfService }
::= { tmnxCpmHwFilterObjs 4 }
tCpmIpFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmIpFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmIpFilterTable has an entry for each CPM IPv4 filter entry
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 6 }
tCpmIpFilterEntry OBJECT-TYPE
SYNTAX TCpmIpFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents a particular Cpm Filter match entry. Every
Cpm Filter can have zero or more Cpm Filter match entries. A filter
entry with no match criteria set will match every packet, and the
entry action will be taken. Entries are created/deleted by user. There
is no StorageType object, entries have a presumed StorageType of
nonVolatile."
INDEX { tCpmIpFilterEntryId }
::= { tCpmIpFilterTable 1 }
TCpmIpFilterEntry ::= SEQUENCE
{
tCpmIpFilterEntryId TEntryId,
tCpmIpFilterEntryRowStatus RowStatus,
tCpmIpFilterEntryLastChanged TimeStamp,
tCpmIpFilterEntryLogId TFilterLogId,
tCpmIpFilterEntryDescription TItemDescription,
tCpmIpFilterEntryAction TCpmFilterActionOrDefault,
tCpmIpFilterEntryQueueId TCpmFilterQueueId,
tCpmIpFilterEntrySrcIPAddr IpAddress,
tCpmIpFilterEntrySrcIPMask IpAddressPrefixLength,
tCpmIpFilterEntryDestIPAddr IpAddress,
tCpmIpFilterEntryDestIPMask IpAddressPrefixLength,
tCpmIpFilterEntryProtocol TIpProtocol,
tCpmIpFilterEntrySrcPort TTcpUdpPort,
tCpmIpFilterEntrySrcPortMask Integer32,
tCpmIpFilterEntryDestPort TTcpUdpPort,
tCpmIpFilterEntryDestPortMask Integer32,
tCpmIpFilterEntryDSCP TDSCPNameOrEmpty,
tCpmIpFilterEntryFragment TItemMatch,
tCpmIpFilterEntryOptionPresent TItemMatch,
tCpmIpFilterEntryIPOptionValue TIpOption,
tCpmIpFilterEntryIPOptionMask TIpOption,
tCpmIpFilterEntryMultipleOption TItemMatch,
tCpmIpFilterEntryTcpSyn TItemMatch,
tCpmIpFilterEntryTcpAck TItemMatch,
tCpmIpFilterEntryIcmpCode TIcmpCodeOrNone,
tCpmIpFilterEntryIcmpType TIcmpTypeOrNone,
tCpmIpFilterEntryVRtrId TmnxVRtrIDOrZero,
tCpmIpFilterEntryLogCreated TruthValue,
tCpmIpFilterEntrySrcIpPrefixList TNamedItemOrEmpty,
tCpmIpFilterEntryDstIpPrefixList TNamedItemOrEmpty,
tCpmIpFilterEntrySrcPortHigh TTcpUdpPort,
tCpmIpFilterEntrySrcPortOper TCpmFilterPortOperator,
tCpmIpFilterEntryDestPortHigh TTcpUdpPort,
tCpmIpFilterEntryDestPortOper TCpmFilterPortOperator,
tCpmIpFilterEntrySrcPortList TNamedItemOrEmpty,
tCpmIpFilterEntryDstPortList TNamedItemOrEmpty,
tCpmIpFilterEntryPortSelector TFltrPortSelector
}
tCpmIpFilterEntryId OBJECT-TYPE
SYNTAX TEntryId (1..131072)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryId is used to index into the
tCpmIpFilterTable. It uniquely identifies a CPM filter entry as
configured on this system."
::= { tCpmIpFilterEntry 1 }
tCpmIpFilterEntryRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryRowStatus specifies the row status. It
allows entries to be created and deleted in the tCpmIpFilterTable."
::= { tCpmIpFilterEntry 2 }
tCpmIpFilterEntryLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryLastChanged indicates the timestamp of
the last change to this row in tCpmIpFilterTable."
::= { tCpmIpFilterEntry 3 }
tCpmIpFilterEntryLogId OBJECT-TYPE
SYNTAX TFilterLogId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryLogId specifies the log in which packets
matching this entry should be entered. The value zero indicates that
logging is disabled."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 4 }
tCpmIpFilterEntryDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryDescription specifies the user-provided
string describing this filter."
DEFVAL { ''H }
::= { tCpmIpFilterEntry 5 }
tCpmIpFilterEntryAction OBJECT-TYPE
SYNTAX TCpmFilterActionOrDefault
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryAction specifies the action to take for
packets that match this filter entry. The value default(4) specifies
this entry to inherit the behavior defined as the default for the
filter in tCpmFilterDefaultAction.
The value queue(3) can only be specified if a valid queue id is
entered in tCpmIpFilterEntryQueueId.
An 'inconsistentValue' error is returned if the value of this object
is set to queue(3), when the value of the object
tCpmIpFilterEntryProtocol is set to vrrp (112)."
DEFVAL { drop }
::= { tCpmIpFilterEntry 6 }
tCpmIpFilterEntryQueueId OBJECT-TYPE
SYNTAX TCpmFilterQueueId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryQueueId specifies which queue to put the
packet in when tCpmIpFilterEntryAction is queue (3).
If the value of tCpmIpFilterEntryAction is different from queue (3)
tCpmIpFilterEntryQueueId will be forced by the system to 0, and any
change attempt will be silently discarded."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 7 }
tCpmIpFilterEntrySrcIPAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntrySrcIPAddr specifies the IP address to
match the source IP address of the packet."
DEFVAL { '00000000'H }
::= { tCpmIpFilterEntry 8 }
tCpmIpFilterEntrySrcIPMask OBJECT-TYPE
SYNTAX IpAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntrySrcIPMask specifies the IP Mask value
for this policy Cpm FilterEntry entry. The mask is ANDed with the IP
to match the tCpmIpFilterEntrySrcIPAddr."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 9 }
tCpmIpFilterEntryDestIPAddr OBJECT-TYPE
SYNTAX IpAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryDestIPAddr specifies the IP address to
match the destination IP address of the packet."
DEFVAL { '00000000'H }
::= { tCpmIpFilterEntry 10 }
tCpmIpFilterEntryDestIPMask OBJECT-TYPE
SYNTAX IpAddressPrefixLength
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryDestIPMask specifies the IP Mask value
for this policy Cpm FilterEntry entry. The mask is ANDed with the IP
to match the tCpmIpFilterEntryDestIPAddr."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 11 }
tCpmIpFilterEntryProtocol OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryProtocol specifies the IP protocol to
match. It can be set to -1 to disable matching Cpm protocol. If the
protocol is changed, the protocol specific parameters are reset. For
instance, if protocol is changed from TCP to UDP, then the objects
tCpmIpFilterEntryTcpSyn and tCpmIpFilterEntryTcpAck will be turned
off.
An 'inconsistentValue' error is returned if the value of this object
is is set to vrrp (112), when the value of the object
tCpmIpFilterEntryAction is set to queue(3)."
DEFVAL { -1 }
::= { tCpmIpFilterEntry 12 }
tCpmIpFilterEntrySrcPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntrySrcPort specifies the TCP/UDP port to
match the source port of the packet.
See also the description of tCpmIpFilterEntrySrcPortOper for
additional information about this object"
DEFVAL { 0 }
::= { tCpmIpFilterEntry 13 }
tCpmIpFilterEntrySrcPortMask OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntrySrcPortMask specifies the 16 bit mask to
be applied when matching tCpmIpFilterEntrySrcPort.
See also the description of tCpmIpFilterEntrySrcPortOper for
additional information about this object"
DEFVAL { 0 }
::= { tCpmIpFilterEntry 14 }
tCpmIpFilterEntryDestPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryDestPort specifies the TCP/UDP port to
match the destination port of the packet.
See also the description of tCpmIpFilterEntryDestPortOper for
additional information about this object"
DEFVAL { 0 }
::= { tCpmIpFilterEntry 15 }
tCpmIpFilterEntryDestPortMask OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryDestPortMask specifies the 16 bit mask
to be applied when matching tCpmIpFilterEntryDestPortOper.
See also the description of tCpmIpFilterEntryDestPortHigh for
additional information about this object"
DEFVAL { 0 }
::= { tCpmIpFilterEntry 16 }
tCpmIpFilterEntryDSCP OBJECT-TYPE
SYNTAX TDSCPNameOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryDSCP specifies the DSCP to be matched on
the packet."
DEFVAL { ''H }
::= { tCpmIpFilterEntry 17 }
tCpmIpFilterEntryFragment OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryFragment specifies whether fragment
matching is enabled. When enabled, this object matches
fragmented/unfragmented packets as per the value of the object."
DEFVAL { off }
::= { tCpmIpFilterEntry 18 }
tCpmIpFilterEntryOptionPresent OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryOptionPresent specifies whether IP
options matching is enabled. When enables, this object matches packets
if they have options present or not as per the value of the object."
DEFVAL { off }
::= { tCpmIpFilterEntry 19 }
tCpmIpFilterEntryIPOptionValue OBJECT-TYPE
SYNTAX TIpOption
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryIPOptionValue specifies the specific IP
option to match."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 20 }
tCpmIpFilterEntryIPOptionMask OBJECT-TYPE
SYNTAX TIpOption
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryIPOptionMask specifies the mask that is
ANDed with the IP option in the packet header before being compared to
tCpmIpFilterEntryIPOptionValue."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 21 }
tCpmIpFilterEntryMultipleOption OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryMultipleOption specifies whether
multiple options are to be matched as per the value of the object."
DEFVAL { off }
::= { tCpmIpFilterEntry 22 }
tCpmIpFilterEntryTcpSyn OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryTcpSyn specifies whether a TCP Syn
packet should match."
DEFVAL { off }
::= { tCpmIpFilterEntry 23 }
tCpmIpFilterEntryTcpAck OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryTcpAck specifies whether a TCP Ack
packet should match."
DEFVAL { off }
::= { tCpmIpFilterEntry 24 }
tCpmIpFilterEntryIcmpCode OBJECT-TYPE
SYNTAX TIcmpCodeOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryIcmpCode specifies the ICMP code to be
matched.
The value -1 means ICMP code matching is disabled."
DEFVAL { -1 }
::= { tCpmIpFilterEntry 25 }
tCpmIpFilterEntryIcmpType OBJECT-TYPE
SYNTAX TIcmpTypeOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryIcmpType specifies the ICMP type to be
matched.
The value -1 means ICMP type matching is disabled."
DEFVAL { -1 }
::= { tCpmIpFilterEntry 26 }
tCpmIpFilterEntryVRtrId OBJECT-TYPE
SYNTAX TmnxVRtrIDOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryVRtrId specifies the virtual router ID
to be matched. When the value is '0', no virtual router matching
occurs."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 27 }
tCpmIpFilterEntryLogCreated OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmIpFilterEntryLogCreated indicates whether the filter
log for this filter entry has been instantiated."
::= { tCpmIpFilterEntry 28 }
tCpmIpFilterEntrySrcIpPrefixList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object specifies the IP prefix list used as match
criterion for the source ip address.
The value specified for this object must correspond to a prefix list
defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.
If the value of this object is empty then the values of the objects
tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask are used as
source ip address match criterion.
When this object is set to a non-empty value then the objects
tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask are reset to
their default values by the system.
Vice versa, when a new (non-default) value is provided for the objects
tCpmIpFilterEntrySrcIPAddr and tCpmIpFilterEntrySrcIPMask then this
object is reset to its default (empty) value by the system.
An attempt to set tCpmIpFilterEntrySrcIpPrefixList to a non-default
value in combination with setting any of tCpmIpFilterEntrySrcIPAddr or
tCpmIpFilterEntrySrcIPMask to (a) non-default value(s) is rejected by
the system"
DEFVAL { ''H }
::= { tCpmIpFilterEntry 30 }
tCpmIpFilterEntryDstIpPrefixList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object specifies the IP prefix list used as match
criterion for the destination ip address.
The value specified for this object must correspond to a prefix list
defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.
If the value of this object is empty then the values of the objects
tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask are used
as source ip address match criterion.
When this object is set to a non-empty value then the objects
tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask are reset
to their default values by the system.
Vice versa, when a new (non-default) value is provided for the objects
tCpmIpFilterEntryDestIPAddr and tCpmIpFilterEntryDestIPMask then this
object is reset to its default (empty) value by the system.
An attempt to set tCpmIpFilterEntryDstIpPrefixList to a non-default
value in combination with setting any of tCpmIpFilterEntryDestIPAddr
or tCpmIpFilterEntryDestIPMask to (a) non-default value(s) is rejected
by the system"
DEFVAL { ''H }
::= { tCpmIpFilterEntry 31 }
tCpmIpFilterEntrySrcPortHigh OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the upper value for the TCP/UDP port range that
is used as match criterion for the source port of a packet.
See also the description of tCpmIpFilterEntrySrcPortOper for
additional information about this object
Setting tCpmIpFilterEntrySrcPortOper to range in combination with a
value for tCpmIpFilterEntrySrcPort greater than the value for
tCpmIpFilterEntrySrcPortHigh will be rejected by the system."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 32 }
tCpmIpFilterEntrySrcPortOper OBJECT-TYPE
SYNTAX TCpmFilterPortOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the manner in which tCpmIpFilterEntrySrcPort,
tCpmIpFilterEntrySrcPortMask, and tCpmIpFilterEntrySrcPortHigh are to
be used. See description of TCpmFilterPortOperator."
DEFVAL { mask }
::= { tCpmIpFilterEntry 33 }
tCpmIpFilterEntryDestPortHigh OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the upper value for the TCP/UDP port range that
is used as match criterion for the destination port of a packet.
See also the description of tCpmIpFilterEntryDestPortOper for
additional information about this object
Setting tCpmIpFilterEntryDestPortOper to range in combination with a
value for tCpmIpFilterEntryDestPort greater than the value for
tCpmIpFilterEntryDestPortHigh will be rejected by the system."
DEFVAL { 0 }
::= { tCpmIpFilterEntry 34 }
tCpmIpFilterEntryDestPortOper OBJECT-TYPE
SYNTAX TCpmFilterPortOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the manner in which tCpmIpFilterEntryDestPort,
tCpmIpFilterEntryDestPortMask, and tCpmIpFilterEntryDestPortHigh are
to be used. See description of TCpmFilterPortOperator."
DEFVAL { mask }
::= { tCpmIpFilterEntry 35 }
tCpmIpFilterEntrySrcPortList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object specifies the port-list used as match
criterion for the source port.
The value specified for this object must correspond to a port-list
defined in TIMETRA-FILTER-MIB::tFilterPortListTable.
If the value of this object is empty then the values of the objects
tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask,
tCpmIpFilterEntrySrcPortHigh and tCpmIpFilterEntrySrcPortOper are used
as source port match criterion.
When this object is set to a non-empty value then the objects
tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask,
tCpmIpFilterEntrySrcPortHigh and tCpmIpFilterEntrySrcPortOper are
reset to their default values by the system.
Vice versa, when a new (non-default) value is provided for one of the
objects tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask,
tCpmIpFilterEntrySrcPortHigh, or tCpmIpFilterEntrySrcPortOper then
tCpmIpFilterEntrySrcPortList is reset to its default (empty) value by
the system.
Setting any one of the objects tCpmIpFilterEntrySrcPort,
tCpmIpFilterEntrySrcPortMask, tCpmIpFilterEntrySrcPortHigh,
tCpmIpFilterEntrySrcPortOper to a non-default value in combination
with a non-default value for the object tCpmIpFilterEntrySrcPortList
is rejected by the system"
DEFVAL { ''H }
::= { tCpmIpFilterEntry 36 }
tCpmIpFilterEntryDstPortList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object specifies the port-list used as match
criterion for the destination port.
The value specified for this object must correspond to a port-list
defined in TIMETRA-FILTER-MIB::tFilterPortListTable.
If the value of this object is empty then the values of the objects
tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask,
tCpmIpFilterEntryDestPortHigh and tCpmIpFilterEntryDestPortOper are
used as destination port match criterion.
When this object is set to a non-empty value then the objects
tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask,
tCpmIpFilterEntryDestPortHigh and tCpmIpFilterEntryDestPortOper are
reset to their default values by the system.
Vice versa, when a new (non-default) value is provided for one of the
objects tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask,
tCpmIpFilterEntryDestPortHigh or tCpmIpFilterEntryDestPortOper then
tCpmIpFilterEntryDstPortList is reset to its default (empty) value by
the system.
Setting any one of the objects tCpmIpFilterEntryDestPort,
tCpmIpFilterEntryDestPortMask, tCpmIpFilterEntryDestPortHigh,
tCpmIpFilterEntryDestPortOper to a non-default value in combination
with a non-default value for the object tCpmIpFilterEntryDstPortList
is rejected by the system."
DEFVAL { ''H }
::= { tCpmIpFilterEntry 37 }
tCpmIpFilterEntryPortSelector OBJECT-TYPE
SYNTAX TFltrPortSelector
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies how the source port objects
(tCpmIpFilterEntrySrcPort, tCpmIpFilterEntrySrcPortMask,
tCpmIpFilterEntrySrcPortHigh, tCpmIpFilterEntrySrcPortOper,
tCpmIpFilterEntrySrcPortList) and destination port objects
(tCpmIpFilterEntryDestPort, tCpmIpFilterEntryDestPortMask,
tCpmIpFilterEntryDestPortHigh, tCpmIpFilterEntryDestPortOper,
tCpmIpFilterEntryDstPortList) are combined to form the filter match
criterion. See description of TFltrPortSelector.
An 'inconsistentValue' error is returned if this object is not set
along with source port or destination port objects."
DEFVAL { and-port }
::= { tCpmIpFilterEntry 38 }
tCpmIpFilterStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmIpFilterStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmIpFilterStatsTable has a stats entry for each entry in each
CPM filter configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 7 }
tCpmIpFilterStatsEntry OBJECT-TYPE
SYNTAX TCpmIpFilterStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the statistics related to the
tCpmIpFilterEntry indexed by the same tCpmIpFilterEntryId. Entries are
created when tCpmIpFilterEntry rows are created."
INDEX { tCpmIpFilterEntryId }
::= { tCpmIpFilterStatsTable 1 }
TCpmIpFilterStatsEntry ::= SEQUENCE
{
tCpmIpFilterStatsDroppedPkts Counter64,
tCpmIpFilterStatsForwardedPkts Counter64
}
tCpmIpFilterStatsDroppedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmIpFilterStatsDroppedPkts indicates the number of
packets dropped due to the tCpmIpFilterEntry with the same index."
::= { tCpmIpFilterStatsEntry 1 }
tCpmIpFilterStatsForwardedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmIpFilterStatsForwardedPkts indicates the number of
packets forwarded due to the tCpmIpFilterEntry with the same index."
::= { tCpmIpFilterStatsEntry 2 }
tCpmFilterQueueStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmFilterQueueStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmFilterQueueStatsTable has a stats entry for each CPM filter
queue configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 8 }
tCpmFilterQueueStatsEntry OBJECT-TYPE
SYNTAX TCpmFilterQueueStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the statistics related to the
tCpmFilterQueueEntry indexed by the same tCpmFilterQueueId. Entries
are created when tCpmFilterQueueEntry rows are created."
INDEX { tCpmFilterQueueId }
::= { tCpmFilterQueueStatsTable 1 }
TCpmFilterQueueStatsEntry ::= SEQUENCE
{
tCpmFilterQInProfileDropPkts Counter64,
tCpmFilterQInProfileFwdPkts Counter64,
tCpmFilterQInProfileDropOctets Counter64,
tCpmFilterQInProfileFwdOctets Counter64,
tCpmFilterQOutProfileDropPkts Counter64,
tCpmFilterQOutProfileFwdPkts Counter64,
tCpmFilterQOutProfileDropOctets Counter64,
tCpmFilterQOutProfileFwdOctets Counter64
}
tCpmFilterQInProfileDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQInProfileDropPkts indicates the number of
packets complying to the queue Qos profile dropped from the
tCpmFilterQueueEntry with the same index."
::= { tCpmFilterQueueStatsEntry 1 }
tCpmFilterQInProfileFwdPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQInProfileFwdPkts indicates the number of
packets complying to the queue Qos profile forwarded from the
tCpmFilterQueueEntry with the same index."
::= { tCpmFilterQueueStatsEntry 2 }
tCpmFilterQInProfileDropOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQInProfileDropOctets indicates the number of
octets complying to the queue Qos profile dropped from the
tCpmFilterQueueEntry with the same index."
::= { tCpmFilterQueueStatsEntry 3 }
tCpmFilterQInProfileFwdOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQInProfileFwdOctets indicates the number of
octets complying to the queue Qos profile forwarded from the
tCpmFilterQueueEntry with the same index."
::= { tCpmFilterQueueStatsEntry 4 }
tCpmFilterQOutProfileDropPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQOutProfileDropPkts indicates the number of
packets not complying to the queue Qos profile dropped from the
tCpmFilterQueueEntry with the same index."
::= { tCpmFilterQueueStatsEntry 5 }
tCpmFilterQOutProfileFwdPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQOutProfileFwdPkts indicates the number of
packets not complying to the queue Qos profile forwarded from the
tCpmFilterQueueEntry with the same index."
::= { tCpmFilterQueueStatsEntry 6 }
tCpmFilterQOutProfileDropOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQOutProfileDropOctets indicates the number of
octets not complying to the queue Qos profile dropped from the
tCpmFilterQueueEntry with the same index."
::= { tCpmFilterQueueStatsEntry 7 }
tCpmFilterQOutProfileFwdOctets OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmFilterQOutProfileFwdOctets indicates the number of
octets not complying to the queue Qos profile forwarded from the
tCpmFilterQueueEntry with the same index."
::= { tCpmFilterQueueStatsEntry 8 }
tCpmIPv6FilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmIPv6FilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmIPv6FilterTable has an entry for each CPM IPv6 filter entry
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 9 }
tCpmIPv6FilterEntry OBJECT-TYPE
SYNTAX TCpmIPv6FilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents a particular CPM IPv6 filter match entry.
The CPM IPv6 Filter can have zero or more CPM IPv6 filter match
entries.
A filter entry with no match criteria set will match every packet, and
the entry action will be taken. Entries are created/deleted by user.
There is no StorageType object, entries have a presumed StorageType of
nonVolatile."
INDEX { tCpmIPv6FilterEntryId }
::= { tCpmIPv6FilterTable 1 }
TCpmIPv6FilterEntry ::= SEQUENCE
{
tCpmIPv6FilterEntryId TEntryId,
tCpmIPv6FilterEntryRowStatus RowStatus,
tCpmIPv6FilterEntryLastChanged TimeStamp,
tCpmIPv6FilterEntryLogId TFilterLogId,
tCpmIPv6FilterEntryDescription TItemDescription,
tCpmIPv6FilterEntryAction TCpmFilterActionOrDefault,
tCpmIPv6FilterEntryQueueId TCpmFilterQueueId,
tCpmIPv6FilterEntrySrcIPAddr InetAddressIPv6,
tCpmIPv6FilterEntrySrcIPMask InetAddressPrefixLength,
tCpmIPv6FilterEntryDestIPAddr InetAddressIPv6,
tCpmIPv6FilterEntryDestIPMask InetAddressPrefixLength,
tCpmIPv6FilterEntryNextHeader TIpProtocol,
tCpmIPv6FilterEntrySrcPort TTcpUdpPort,
tCpmIPv6FilterEntrySrcPortMask Integer32,
tCpmIPv6FilterEntryDestPort TTcpUdpPort,
tCpmIPv6FilterEntryDestPortMask Integer32,
tCpmIPv6FilterEntryDSCP TDSCPNameOrEmpty,
tCpmIPv6FilterEntryTcpSyn TItemMatch,
tCpmIPv6FilterEntryTcpAck TItemMatch,
tCpmIPv6FilterEntryIcmpCode TIcmpCodeOrNone,
tCpmIPv6FilterEntryIcmpType TIcmpTypeOrNone,
tCpmIPv6FilterEntryVRtrId TmnxVRtrIDOrZero,
tCpmIPv6FilterEntryLogCreated TruthValue,
tCpmIPv6FilterEntryFlowLabel IPv6FlowLabel,
tCpmIPv6FilterEntrySrcIpPfxList TNamedItemOrEmpty,
tCpmIPv6FilterEntryDstIpPfxList TNamedItemOrEmpty,
tCpmIPv6FilterEntrySrcPortHigh TTcpUdpPort,
tCpmIPv6FilterEntrySrcPortOper TCpmFilterPortOperator,
tCpmIPv6FilterEntryDestPortHigh TTcpUdpPort,
tCpmIPv6FilterEntryDestPortOper TCpmFilterPortOperator,
tCpmIPv6FilterEntrySrcPortList TNamedItemOrEmpty,
tCpmIPv6FilterEntryDstPortList TNamedItemOrEmpty,
tCpmIPv6FilterEntryPortSelector TFltrPortSelector,
tCpmIPv6FilterEntryFragment TItemMatch,
tCpmIPv6FilterEntryHopByHopOpt TItemMatch
}
tCpmIPv6FilterEntryId OBJECT-TYPE
SYNTAX TEntryId (1..131072)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryId is used to index into the
tCpmIPv6FilterTable. It uniquely identifies a CPM IPv6 filter entry as
configured on this system."
::= { tCpmIPv6FilterEntry 1 }
tCpmIPv6FilterEntryRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryRowStatus specifies the row status. It
allows entries to be created and deleted in the tCpmIPv6FilterTable."
::= { tCpmIPv6FilterEntry 2 }
tCpmIPv6FilterEntryLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryLastChanged indicates the timestamp of
the last change to this row in tCpmIPv6FilterTable."
::= { tCpmIPv6FilterEntry 3 }
tCpmIPv6FilterEntryLogId OBJECT-TYPE
SYNTAX TFilterLogId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryLogId specifies the log in which
packets matching this entry should be entered. The value zero
indicates that logging is disabled."
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 4 }
tCpmIPv6FilterEntryDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryDescription specifies the
user-provided string describing this filter entry."
DEFVAL { ''H }
::= { tCpmIPv6FilterEntry 5 }
tCpmIPv6FilterEntryAction OBJECT-TYPE
SYNTAX TCpmFilterActionOrDefault
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryAction specifies the action to take
for packets that match this filter entry. The value default(4)
specifies this entry to inherit the behavior defined as the default
for the filter in tCpmFilterDefaultAction.
The value queue(3) can only be specified if a valid queue id is
entered in tCpmIPv6FilterEntryQueueId.
An 'inconsistentValue' error is returned if the value of this object
is set to queue(3), when the value of the object
tCpmIPv6FilterEntryNextHeader is set to vrrp (112)."
DEFVAL { drop }
::= { tCpmIPv6FilterEntry 6 }
tCpmIPv6FilterEntryQueueId OBJECT-TYPE
SYNTAX TCpmFilterQueueId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryQueueId specifies which queue to put
the packet in when tCpmIPv6FilterEntryAction is queue (3).
If the value of tCpmIPv6FilterEntryAction is different from queue (3)
tCpmIPv6FilterEntryQueueId will be forced by the system to 0, and any
change attempt will be silently discarded."
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 7 }
tCpmIPv6FilterEntrySrcIPAddr OBJECT-TYPE
SYNTAX InetAddressIPv6
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntrySrcIPAddr specifies the IPv6 address
to match the source IPv6 address in the packet."
DEFVAL { '00000000000000000000000000000000'H }
::= { tCpmIPv6FilterEntry 8 }
tCpmIPv6FilterEntrySrcIPMask OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"tCpmIPv6FilterEntrySrcIPMask holds the IPv6 source address mask for
this IPv6 CPM filter entry. The mask specifies the bits to be compared
between tCpmIPv6FilterEntrySrcIPAddr and the IPv6 source address in
the packet."
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 9 }
tCpmIPv6FilterEntryDestIPAddr OBJECT-TYPE
SYNTAX InetAddressIPv6
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryDestIPAddr specifies the IPv6 address
to match the destination IPv6 address in the packet."
DEFVAL { '00000000000000000000000000000000'H }
::= { tCpmIPv6FilterEntry 10 }
tCpmIPv6FilterEntryDestIPMask OBJECT-TYPE
SYNTAX InetAddressPrefixLength (0..128)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"tCpmIPv6FilterEntryDestIPMask holds the IPv6 destination address mask
for this IPv6 CPM filter entry.
The mask specifies the bits to be compared between
tCpmIPv6FilterEntryDestIPAddr and the IPv6 destination address in the
packet."
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 11 }
tCpmIPv6FilterEntryNextHeader OBJECT-TYPE
SYNTAX TIpProtocol
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryNextHeader specifies the IPv6 protocol
to match. '-1' specifies that the matching has been disabled. To
change a protocol, the protocol specific values should be reset. For
instance, to change the protocol from TCP(6) to UDP(7), the TCP
specific attributes such as tCpmIPv6FilterEntryTcpSyn and
tCpmIPv6FilterEntryTcpAck should be reset. Because the match criteria
only pertains to the last next-header, the following values will not
match a filter entry: 0, 43, 44, 50, 51, and 60.
An 'inconsistentValue' error is returned if the value of this object
is is set to vrrp (112), when the value of the object
tCpmIPv6FilterEntryAction is set to queue(3)."
DEFVAL { -1 }
::= { tCpmIPv6FilterEntry 12 }
tCpmIPv6FilterEntrySrcPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntrySrcPort specifies the TCP/UDP port to
match the source port of the packet.
See also the description of tCpmIPv6FilterEntrySrcPortOper for
additional information about this object"
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 13 }
tCpmIPv6FilterEntrySrcPortMask OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntrySrcPortMask specifies the bits to be
compared between tCpmIPv6FilterEntrySrcPort and the TCP/UDP source
port in the packet.
See also the description of tCpmIPv6FilterEntrySrcPortOper for
additional information about this object"
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 14 }
tCpmIPv6FilterEntryDestPort OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryDestPort specifies the TCP/UDP port to
match the destination port of the packet.
See also the description of tCpmIPv6FilterEntryDestPortOper for
additional information about this object"
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 15 }
tCpmIPv6FilterEntryDestPortMask OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryDestPortMask specifies the bits to be
compared between tCpmIPv6FilterEntryDestPort and the TCP/UDP source
port in the packet.
See also the description of tCpmIPv6FilterEntryDestPortOper for
additional information about this object"
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 16 }
tCpmIPv6FilterEntryDSCP OBJECT-TYPE
SYNTAX TDSCPNameOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryDSCP specifies the DSCP to be matched
on the packet."
DEFVAL { ''H }
::= { tCpmIPv6FilterEntry 17 }
tCpmIPv6FilterEntryTcpSyn OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryTcpSyn specifies whether a TCP Syn
packet should match."
DEFVAL { off }
::= { tCpmIPv6FilterEntry 23 }
tCpmIPv6FilterEntryTcpAck OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryTcpAck specifies whether a TCP Ack
packet should match."
DEFVAL { off }
::= { tCpmIPv6FilterEntry 24 }
tCpmIPv6FilterEntryIcmpCode OBJECT-TYPE
SYNTAX TIcmpCodeOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryIcmpCode specifies the ICMP code to be
matched.
The value '-1' means ICMP code matching is disabled."
DEFVAL { -1 }
::= { tCpmIPv6FilterEntry 25 }
tCpmIPv6FilterEntryIcmpType OBJECT-TYPE
SYNTAX TIcmpTypeOrNone
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryIcmpType specifies the ICMP type to be
matched.
The value '-1' means ICMP type matching is disabled."
DEFVAL { -1 }
::= { tCpmIPv6FilterEntry 26 }
tCpmIPv6FilterEntryVRtrId OBJECT-TYPE
SYNTAX TmnxVRtrIDOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryVRtrId specifies the virtual router ID
to be matched. When the value is '0', no virtual router matching
occurs."
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 27 }
tCpmIPv6FilterEntryLogCreated OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryLogCreated indicates whether the
filter log for this filter entry has been instantiated."
::= { tCpmIPv6FilterEntry 28 }
tCpmIPv6FilterEntryFlowLabel OBJECT-TYPE
SYNTAX IPv6FlowLabel
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterEntryFlowLabel specifies the flow label to
be matched. When the value is '-1', no flow label matching occurs."
DEFVAL { -1 }
::= { tCpmIPv6FilterEntry 29 }
tCpmIPv6FilterEntrySrcIpPfxList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object specifies the IPv6 prefix list used as match
criterion for the source ipv6 address.
The value specified for this object must correspond to a prefix list
defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.
If the value of this object is empty then the values of the objects
tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask are used
as source ipv6 address match criterion.
When this object is set to a non-empty value then the objects
tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask are
reset to their default values by the system.
Vice versa, when a new (non-default) value is provided for the objects
tCpmIPv6FilterEntrySrcIPAddr and tCpmIPv6FilterEntrySrcIPMask then
this object is reset to its default (empty) value by the system."
DEFVAL { ''H }
::= { tCpmIPv6FilterEntry 30 }
tCpmIPv6FilterEntryDstIpPfxList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object specifies the IPv6 prefix list used as match
criterion for the destination ipv6 address.
The value specified for this object must correspond to a prefix list
defined in TIMETRA-FILTER-MIB::tFilterPrefixListTable.
If the value of this object is empty then the values of the objects
tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask are
used as destination ipv6 address match criterion.
When this object is set to a non-empty value then the objects
tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask are
reset to their default values by the system.
Vice versa, when a new (non-default) value is provided for the objects
tCpmIPv6FilterEntryDestIPAddr and tCpmIPv6FilterEntryDestIPMask then
this object is reset to its default (empty) value by the system."
DEFVAL { ''H }
::= { tCpmIPv6FilterEntry 31 }
tCpmIPv6FilterEntrySrcPortHigh OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the upper value for the TCP/UDP port range that
is used as match criterion for the source port of a packet.
See also the description of tCpmIPv6FilterEntrySrcPortOper for
additional information about this object
Setting tCpmIPv6FilterEntrySrcPortOper to range in combination with a
value for tCpmIPv6FilterEntrySrcPort greater than the value for
tCpmIPv6FilterEntrySrcPortHigh will be rejected by the system."
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 32 }
tCpmIPv6FilterEntrySrcPortOper OBJECT-TYPE
SYNTAX TCpmFilterPortOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the manner in which tCpmIPv6FilterEntrySrcPort,
tCpmIPv6FilterEntrySrcPortMask, and tCpmIPv6FilterEntrySrcPortHigh are
to be used. See description of TCpmFilterPortOperator."
DEFVAL { mask }
::= { tCpmIPv6FilterEntry 33 }
tCpmIPv6FilterEntryDestPortHigh OBJECT-TYPE
SYNTAX TTcpUdpPort
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the upper value for the TCP/UDP port range that
is used as match criterion for the source port of a packet.
Setting tCpmIPv6FilterEntryDestPortOper to range in combination with a
value for tCpmIPv6FilterEntryDestPort greater than the value for
tCpmIPv6FilterEntryDestPortHigh will be rejected by the system."
DEFVAL { 0 }
::= { tCpmIPv6FilterEntry 34 }
tCpmIPv6FilterEntryDestPortOper OBJECT-TYPE
SYNTAX TCpmFilterPortOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies the manner in which tCpmIPv6FilterEntryDestPort,
tCpmIPv6FilterEntryDestPortMask, and tCpmIPv6FilterEntryDestPortHigh
are to be used. See description of TCpmFilterPortOperator."
DEFVAL { mask }
::= { tCpmIPv6FilterEntry 35 }
tCpmIPv6FilterEntrySrcPortList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object specifies the port-list used as match
criterion for the source port.
The value specified for this object must correspond to a port-list
defined in TIMETRA-FILTER-MIB::tFilterPortListTable.
If the value of this object is empty then the values of the objects
tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask,
tCpmIPv6FilterEntrySrcPortHigh and tCpmIPv6FilterEntrySrcPortOper are
used as source port match criterion.
When this object is set to a non-empty value then the objects
tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask,
tCpmIPv6FilterEntrySrcPortHigh and tCpmIPv6FilterEntrySrcPortOper are
reset to their default values by the system.
Vice versa, when a new (non-default) value is provided for one of the
objects tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask,
tCpmIPv6FilterEntrySrcPortHigh, or tCpmIPv6FilterEntrySrcPortOper then
tCpmIPv6FilterEntrySrcPortList is reset to its default (empty) value
by the system.
Setting any one of the objects tCpmIPv6FilterEntrySrcPort,
tCpmIPv6FilterEntrySrcPortMask, tCpmIPv6FilterEntrySrcPortHigh,
tCpmIPv6FilterEntrySrcPortOper to a non-default value in combination
with a non-default value for the object tCpmIPv6FilterEntrySrcPortList
is rejected by the system"
DEFVAL { ''H }
::= { tCpmIPv6FilterEntry 36 }
tCpmIPv6FilterEntryDstPortList OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of this object specifies the port-list used as match
criterion for the destination port.
The value specified for this object must correspond to a port-list
defined in TIMETRA-FILTER-MIB::tFilterPortListTable.
If the value of this object is empty then the values of the objects
tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask,
tCpmIPv6FilterEntryDestPortHigh and tCpmIPv6FilterEntryDestPortOper
are used as destination port match criterion.
When this object is set to a non-empty value then the objects
tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask,
tCpmIPv6FilterEntryDestPortHigh and tCpmIPv6FilterEntryDestPortOper
are reset to their default values by the system.
Vice versa, when a new (non-default) value is provided for one of the
objects tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask,
tCpmIPv6FilterEntryDestPortHigh or tCpmIPv6FilterEntryDestPortOper
then tCpmIPv6FilterEntryDstPortList is reset to its default (empty)
value by the system.
Setting any one of the objects tCpmIPv6FilterEntryDestPort,
tCpmIPv6FilterEntryDestPortMask, tCpmIPv6FilterEntryDestPortHigh,
tCpmIPv6FilterEntryDestPortOper to a non-default value in combination
with a non-default value for the object tCpmIPv6FilterEntryDstPortList
is rejected by the system."
DEFVAL { ''H }
::= { tCpmIPv6FilterEntry 37 }
tCpmIPv6FilterEntryPortSelector OBJECT-TYPE
SYNTAX TFltrPortSelector
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"This object specifies how the source port objects
(tCpmIPv6FilterEntrySrcPort, tCpmIPv6FilterEntrySrcPortMask,
tCpmIPv6FilterEntrySrcPortHigh, tCpmIPv6FilterEntrySrcPortOper,
tCpmIPv6FilterEntrySrcPortList) and destination port objects
(tCpmIPv6FilterEntryDestPort, tCpmIPv6FilterEntryDestPortMask,
tCpmIPv6FilterEntryDestPortHigh, tCpmIPv6FilterEntryDestPortOper,
tCpmIPv6FilterEntryDstPortList) are combined to form the filter match
criterion. See description of TFltrPortSelector.
An 'inconsistentValue' error is returned if this object is not set
along with source port or destination port objects."
DEFVAL { and-port }
::= { tCpmIPv6FilterEntry 38 }
tCpmIPv6FilterEntryFragment OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If Enabled, matches a Fragmentation Extension Header as per value of
the object."
DEFVAL { off }
::= { tCpmIPv6FilterEntry 39 }
tCpmIPv6FilterEntryHopByHopOpt OBJECT-TYPE
SYNTAX TItemMatch
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"If Enabled, matches a Hop-By-Hop options Extension Header as per value
of the object."
DEFVAL { off }
::= { tCpmIPv6FilterEntry 40 }
tCpmIPv6FilterStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmIPv6FilterStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmIPv6FilterStatsTable has a stats entry for each entry in each
CPM filter configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 10 }
tCpmIPv6FilterStatsEntry OBJECT-TYPE
SYNTAX TCpmIPv6FilterStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the statistics related to the
tCpmIPv6FilterEntry indexed by the same tCpmIPv6FilterEntryId. Entries
are created when tCpmIPv6FilterEntry rows are created."
INDEX { tCpmIPv6FilterEntryId }
::= { tCpmIPv6FilterStatsTable 1 }
TCpmIPv6FilterStatsEntry ::= SEQUENCE
{
tCpmIPv6FilterStatsDroppedPkts Counter64,
tCpmIPv6FilterStatsForwardedPkts Counter64
}
tCpmIPv6FilterStatsDroppedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterStatsDroppedPkts indicates the number of
packets dropped due to the tCpmIPv6FilterEntry with the same index."
::= { tCpmIPv6FilterStatsEntry 1 }
tCpmIPv6FilterStatsForwardedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmIPv6FilterStatsForwardedPkts indicates the number of
packets forwarded due to the tCpmIPv6FilterEntry with the same index."
::= { tCpmIPv6FilterStatsEntry 2 }
tmnxCpmProtPolTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolTableLastChanged indicates the sysUpTime at
the time of the last modification of an entry in the
tmnxCpmProtPolTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 11 }
tmnxCpmProtPolTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtPolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxCpmProtPolTable has an entry for each CPM Protection policy
configured in the system. There are two default policies.
CPM Protection policy (254) is the default Access CPM Protection
policy. CPM Protection policy (255) is the default Network CPM
Protection policy.
The default CPM Protection policies are created by the system, and can
be modified but cannot be destroyed.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 12 }
tmnxCpmProtPolEntry OBJECT-TYPE
SYNTAX TmnxCpmProtPolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the configuration information related to a
CPM Protection policy."
INDEX { tmnxCpmProtPolicyId }
::= { tmnxCpmProtPolTable 1 }
TmnxCpmProtPolEntry ::= SEQUENCE
{
tmnxCpmProtPolicyId TCpmProtPolicyID,
tmnxCpmProtPolRowStatus RowStatus,
tmnxCpmProtPolLastChanged TimeStamp,
tmnxCpmProtPolDescription TItemDescription,
tmnxCpmProtPolPerSrcRateLimit TmnxCpmPacketPolRateLimit,
tmnxCpmProtPolOverallRateLimit TmnxCpmPacketPolRateLimit,
tmnxCpmProtPolAlarm TruthValue,
tmnxCpmProtPolOutProfileRate TmnxCpmPacketPolRateLimit,
tmnxCpmProtPolLimDhcpCiAddrZero TruthValue,
tmnxCpmProtPolOutProfRateLogEvnt TruthValue
}
tmnxCpmProtPolicyId OBJECT-TYPE
SYNTAX TCpmProtPolicyID (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolicyId specifies the identification number
of the CPM Protection policy."
::= { tmnxCpmProtPolEntry 1 }
tmnxCpmProtPolRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolRowStatus controls the creation and
deletion of rows in this table."
::= { tmnxCpmProtPolEntry 2 }
tmnxCpmProtPolLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolLastChanged indicates the sysUpTime at the
time of the last modification of this entry.
If no changes were made to the entry since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxCpmProtPolEntry 3 }
tmnxCpmProtPolDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolDescription specifies the user provided
description of this CPM Protection policy. The default CPM Protection
policies 254 and 255 have a default description which can be modified
by the user."
DEFVAL { ''H }
::= { tmnxCpmProtPolEntry 4 }
tmnxCpmProtPolPerSrcRateLimit OBJECT-TYPE
SYNTAX TmnxCpmPacketPolRateLimit
UNITS "packets per second"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolPerSrcRateLimit specifies the packet
arrival rate limit to be applied to each source of packets.
Objects referring to this CPM Protection policy that do not support
per-source rate limiting, may ignore the
tmnxCpmProtPolPerSrcRateLimit."
DEFVAL { -1 }
::= { tmnxCpmProtPolEntry 5 }
tmnxCpmProtPolOverallRateLimit OBJECT-TYPE
SYNTAX TmnxCpmPacketPolRateLimit
UNITS "packets per second"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolOverallRateLimit specifies the overall
packet arrival rate limit to be applied to all sources of packets.
A default value of -1, specifies an unrestricted packet arrival rate
on the interface.
The value of tmnxCpmProtPolOverallRateLimit is equal to 6000 for the
default access policy (policy 254)."
DEFVAL { -1 }
::= { tmnxCpmProtPolEntry 6 }
tmnxCpmProtPolAlarm OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolAlarm specifies if a notification must be
issued when one of the packet arrival rate limits is crossed.
A value of 'true' specifies that a notification must be issued."
DEFVAL { true }
::= { tmnxCpmProtPolEntry 7 }
tmnxCpmProtPolOutProfileRate OBJECT-TYPE
SYNTAX TmnxCpmPacketPolRateLimit
UNITS "packets per second"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolOutProfileRate specifies the threshold
value at which incoming control packets are marked out of profile.
A default value of -1 specifies absence of a set threshold on the
interface.
The value of tmnxCpmProtPolOutProfileRate is 6000 for the default
access policy (policy 254)."
DEFVAL { 3000 }
::= { tmnxCpmProtPolEntry 8 }
tmnxCpmProtPolLimDhcpCiAddrZero OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolLimDhcpCiAddrZero specifies whether or not
to apply per-source rate limiting to DHCP packets containing Client IP
address zero (e.g., for IPv4, ciaddr = 0.0.0.0).
For example, suppose a SAP has the following configuration:
a) TIMETRA-SAP-MIB::sapCpmProtMonitorIP = 'true', and
b) TIMETRA-SAP-MIB::sapCpmProtPolicyId = 7.
Then, if the tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection
policy 7 is 'true', DHCP packets arriving at the SAP are rate limited
using tmnxCpmProtPolPerSrcRateLimit, whether or not the ciaddr field is
zero. On the other hand, with the same SAP configuration, if the
tmnxCpmProtPolLimDhcpCiAddrZero value for CPM Protection policy 7 is
'false', DHCP packets arriving at the SAP with ciaddr zero are exempt
from the tmnxCpmProtPolPerSrcRateLimit.
The value of this object is irrelevant if the SAP's
TIMETRA-SAP-MIB::sapCpmProtMonitorIP value is 'false'."
REFERENCE
"RFC 2131 ('Dynamic Host Configuration Protocol') explains the role of
the ciaddr field in the DHCP protocol."
DEFVAL { false }
::= { tmnxCpmProtPolEntry 9 }
tmnxCpmProtPolOutProfRateLogEvnt OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPolOutProfRateLogEvnt controls the generation
of log events when the out-profile-rate specified by
tmnxCpmProtPolOutProfileRate is exceeded."
DEFVAL { false }
::= { tmnxCpmProtPolEntry 10 }
tmnxCpmProtDropUncfgdProtocolMsg OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxCpmProtDropUncfgdProtocolMsg specifies the
administrative state of the protocol protection facility.
When the value of this object is set to 'inService (2)', network
control protocol traffic is dropped if it is received on an interface
where the protocol is not configured.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { outOfService }
::= { tmnxCpmSecurityObjs 13 }
tmnxCpmProtLinkRateLimit OBJECT-TYPE
SYNTAX TmnxCpmPacketRateLimit
UNITS "packets per second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxCpmProtLinkRateLimit specifies the link-specific
packet arrival rate limit to be applied to link-level protocols such
as LACP.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { 15000 }
::= { tmnxCpmSecurityObjs 14 }
tmnxCpmProtExcdTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdTableLastChanged indicates the sysUpTime
at the time of the last add, change, or delete of a row in the
tmnxCpmProtExcdTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 15 }
tmnxCpmProtExcdTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtExcdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCpmProtExcdTable has a row for each <service ID, SAP, source MAC
address> triple that has exceeded the per-source rate limit configured
for the <service ID, SAP> pair. MAC-layer per-source rate limiting is
enabled for a <service ID, SAP> pair by setting
TIMETRA-SAP-MIB::sapCpmProtMonitorMac to 'true'.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 16 }
tmnxCpmProtExcdEntry OBJECT-TYPE
SYNTAX TmnxCpmProtExcdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains statistics for a MAC packet stream that has exceeded
its per-source rate limit.
A row is created by the system the first time a <service ID, SAP,
source MAC address> triple exceeds its per-source rate limit. The
row is updated by the system on subsequent violations.
Rows are deleted when a clear operation is requested on the underlying
statistics."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxCpmProtExcdMac
}
::= { tmnxCpmProtExcdTable 1 }
TmnxCpmProtExcdEntry ::= SEQUENCE
{
tmnxCpmProtExcdMac MacAddress,
tmnxCpmProtExcdPeriods Gauge32,
tmnxCpmProtExcdTimeStarted TimeStamp,
tmnxCpmProtExcdTime TimeStamp
}
tmnxCpmProtExcdMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdMac indicates the MAC address of a source
which has exceeded its per-source rate limit."
::= { tmnxCpmProtExcdEntry 1 }
tmnxCpmProtExcdPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdPeriods indicates the number of times a
per-source rate limit violation was detected for this source.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtExcdEntry 2 }
tmnxCpmProtExcdTimeStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdTimeStarted indicates the sysUpTime at the
time of the creation of this row."
::= { tmnxCpmProtExcdEntry 3 }
tmnxCpmProtExcdTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdTime indicates the sysUpTime at the time
of the last update of this row."
::= { tmnxCpmProtExcdEntry 4 }
tmnxCpmProtViolPortTableLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolPortTableLastChgd indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtViolPortTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 17 }
tmnxCpmProtViolPortTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtViolPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxCpmProtViolPortTable has an entry for each port where either
the link-specific packet arrival rate limit or the per-port overall
packet rate limit was violated.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 18 }
tmnxCpmProtViolPortEntry OBJECT-TYPE
SYNTAX TmnxCpmProtViolPortEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the information related to a port where the
link-specific packet arrival rate limit was violated.
Rows are created or removed automatically by the system."
INDEX { tmnxPortPortID }
::= { tmnxCpmProtViolPortTable 1 }
TmnxCpmProtViolPortEntry ::= SEQUENCE
{
tmnxCpmProtViolPortPeriods Gauge32,
tmnxCpmProtViolPortTimeStarted TimeStamp,
tmnxCpmProtViolPortTime TimeStamp,
tmnxCpmProtViolPortAggPeriods Gauge32,
tmnxCpmProtViolPortAggTimeStart TimeStamp,
tmnxCpmProtViolPortAggTime TimeStamp
}
tmnxCpmProtViolPortPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolPortPeriods indicates the number of times
the link-specific rate limit violation was detected at this port.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtViolPortEntry 1 }
tmnxCpmProtViolPortTimeStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolPortTimeStarted indicates the sysUpTime
when the link-specific rate limit violation was detected the first
time at this port."
::= { tmnxCpmProtViolPortEntry 2 }
tmnxCpmProtViolPortTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolPortTime indicates the sysUpTime when the
link-specific rate limit violation was detected the last time at this
port."
::= { tmnxCpmProtViolPortEntry 3 }
tmnxCpmProtViolPortAggPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolPortAggPeriods indicates the number of
times the per-port overall rate limit violation was detected at this
port."
::= { tmnxCpmProtViolPortEntry 4 }
tmnxCpmProtViolPortAggTimeStart OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolPortAggTimeStart indicates the sysUpTime
when the per-port overall rate limit violation was detected the first
time at this port."
::= { tmnxCpmProtViolPortEntry 5 }
tmnxCpmProtViolPortAggTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolPortAggTime indicates the sysUpTime when
the per-port overall rate limit violation was detected the last time
at this port."
::= { tmnxCpmProtViolPortEntry 6 }
tmnxCpmProtViolIfTableLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolIfTableLastChgd indicates the sysUpTime at
the time of the last modification of an entry in the
tmnxCpmProtViolIfTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 19 }
tmnxCpmProtViolIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtViolIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxCpmProtViolIfTable has an entry for each router interface
where the overall packet arrival rate limit was violated.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 20 }
tmnxCpmProtViolIfEntry OBJECT-TYPE
SYNTAX TmnxCpmProtViolIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the information related to a router
interface where the overall packet arrival rate limit was violated.
Rows are created or removed automatically by the system."
INDEX {
vRtrID,
vRtrIfIndex
}
::= { tmnxCpmProtViolIfTable 1 }
TmnxCpmProtViolIfEntry ::= SEQUENCE
{
tmnxCpmProtViolIfPeriods Gauge32,
tmnxCpmProtViolIfTimeStarted TimeStamp,
tmnxCpmProtViolIfTime TimeStamp
}
tmnxCpmProtViolIfPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolIfPeriods indicates the number of times
the rate limit violation was detected at this router interface.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtViolIfEntry 1 }
tmnxCpmProtViolIfTimeStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolIfTimeStarted indicates the sysUpTime at
the time of the creation of this entry."
::= { tmnxCpmProtViolIfEntry 2 }
tmnxCpmProtViolIfTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolIfTime indicates the sysUpTime at the time
of the last modification of this entry."
::= { tmnxCpmProtViolIfEntry 3 }
tmnxCpmProtViolSapTableLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolSapTableLastChgd indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtViolSapTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 21 }
tmnxCpmProtViolSapTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtViolSapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxCpmProtViolSapTable has an entry for each SAP where the
overall packet arrival rate limit was violated.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 22 }
tmnxCpmProtViolSapEntry OBJECT-TYPE
SYNTAX TmnxCpmProtViolSapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the information related to a SAP where the
overall packet arrival rate limit was violated.
Rows are created or removed automatically by the system."
INDEX {
svcId,
sapPortId,
sapEncapValue
}
::= { tmnxCpmProtViolSapTable 1 }
TmnxCpmProtViolSapEntry ::= SEQUENCE
{
tmnxCpmProtViolSapPeriods Gauge32,
tmnxCpmProtViolSapTimeStarted TimeStamp,
tmnxCpmProtViolSapTime TimeStamp
}
tmnxCpmProtViolSapPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolSapPeriods indicates the number of times
the rate limit violation was detected at this SAP.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtViolSapEntry 1 }
tmnxCpmProtViolSapTimeStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolSapTimeStarted indicates the sysUpTime at
the time of the creation of this entry."
::= { tmnxCpmProtViolSapEntry 2 }
tmnxCpmProtViolSapTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolSapTime indicates the sysUpTime at the
time of the last update of this entry."
::= { tmnxCpmProtViolSapEntry 3 }
tmnxCpmProtPortOverallRateLimit OBJECT-TYPE
SYNTAX TmnxCpmPacketRateLimit
UNITS "packets per second"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPortOverallRateLimit specifies the per-port
packet arrival rate limit to be applied to all protocol messages that
are to be processed by the CPM.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { -1 }
::= { tmnxCpmSecurityObjs 23 }
tmnxCpmProtDetectPeriod OBJECT-TYPE
SYNTAX Unsigned32
UNITS "100 milliseconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtDetectPeriod indicates the length of a packet
arrival rate limit detection period.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 24 }
tCpmMacFilterTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmMacFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmMacFilterTable has an entry for each CPM Mac filter entry
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 25 }
tCpmMacFilterEntry OBJECT-TYPE
SYNTAX TCpmMacFilterEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents a particular Cpm Mac Filter match entry. The
Cpm Mac Filter can have zero or more Cpm Mac Filter match entries. A
filter entry with no match criteria set will match every packet, and
the entry action will be taken. Entries are created/deleted by user."
INDEX { tCpmMacFltrEntryId }
::= { tCpmMacFilterTable 1 }
TCpmMacFilterEntry ::= SEQUENCE
{
tCpmMacFltrEntryId TEntryId,
tCpmMacFltrEntryRowStatus RowStatus,
tCpmMacFltrEntryLastChanged TimeStamp,
tCpmMacFltrEntryLogId TFilterLogId,
tCpmMacFltrEntryDescription TItemDescription,
tCpmMacFltrEntryAction TCpmFilterActionOrDefault,
tCpmMacFltrEntryQueueId TCpmFilterQueueId,
tCpmMacFltrEntryFrameType TmnxCpmMacFltrFrameType,
tCpmMacFltrEntrySvcId TmnxServId,
tCpmMacFltrEntryDot1pValue Dot1PPriority,
tCpmMacFltrEntryDot1pMask Dot1PPriorityMask,
tCpmMacFltrEntryDsap ServiceAccessPoint,
tCpmMacFltrEntryDsapMask ServiceAccessPoint,
tCpmMacFltrEntrySrcMAC MacAddress,
tCpmMacFltrEntrySrcMACMask MacAddress,
tCpmMacFltrEntryDstMAC MacAddress,
tCpmMacFltrEntryDstMACMask MacAddress,
tCpmMacFltrEntryEtherType Integer32,
tCpmMacFltrEntrySsap ServiceAccessPoint,
tCpmMacFltrEntrySsapMask ServiceAccessPoint,
tCpmMacFltrEntryCfmOpCodeOper TOperator,
tCpmMacFltrEntryCfmOpCodeValue1 Unsigned32,
tCpmMacFltrEntryCfmOpCodeValue2 Unsigned32,
tCpmMacFltrEntryLogCreated TruthValue
}
tCpmMacFltrEntryId OBJECT-TYPE
SYNTAX TEntryId (1..131072)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryId is used to index into the
tCpmMacFilterTable. It uniquely identifies a CPM Mac filter entry as
configured on this system."
::= { tCpmMacFilterEntry 1 }
tCpmMacFltrEntryRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryRowStatus specifies the row status. It
allows entries to be created and deleted in the tCpmMacFilterTable."
::= { tCpmMacFilterEntry 2 }
tCpmMacFltrEntryLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryLastChanged indicates the timestamp of
the last change to this row in tCpmMacFilterTable."
::= { tCpmMacFilterEntry 3 }
tCpmMacFltrEntryLogId OBJECT-TYPE
SYNTAX TFilterLogId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryLogId specifies the log in which packets
matching this entry should be entered. The value zero indicates that
logging is disabled."
DEFVAL { 0 }
::= { tCpmMacFilterEntry 4 }
tCpmMacFltrEntryDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryDescription specifies the user-provided
string describing this filter entry."
DEFVAL { ''H }
::= { tCpmMacFilterEntry 5 }
tCpmMacFltrEntryAction OBJECT-TYPE
SYNTAX TCpmFilterActionOrDefault
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryAction specifies the action to take for
packets that match this filter entry. The value default(4) specifies
this entry to inherit the behavior defined as the default for the
filter in tCpmFilterDefaultAction.
The value queue(3) can only be specified if a valid queue id is
entered in tCpmMacFltrEntryQueueId."
DEFVAL { drop }
::= { tCpmMacFilterEntry 6 }
tCpmMacFltrEntryQueueId OBJECT-TYPE
SYNTAX TCpmFilterQueueId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryQueueId specifies which queue to put the
packet in when tCpmMacFltrEntryAction is queue (3).
If the value of tCpmMacFltrEntryAction is different from queue (3)
tCpmMacFltrEntryQueueId will be forced by the system to 0, and any
change attempt will be silently discarded."
DEFVAL { 0 }
::= { tCpmMacFilterEntry 7 }
tCpmMacFltrEntryFrameType OBJECT-TYPE
SYNTAX TmnxCpmMacFltrFrameType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryFrameType specifies the type of mac frame
for which we are defining this match criteria. The value 'none' means
that this entry is not matching on any ethernet frame.
The value 'e802dot1ag(4)' is deprecated, and replaced by
e802dot2LLC(1)."
DEFVAL { none }
::= { tCpmMacFilterEntry 8 }
tCpmMacFltrEntrySvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntrySvcId specifies the service-id
in which the packet is to be received for this entry to match. A value
of 0 indicates: any service."
DEFVAL { 0 }
::= { tCpmMacFilterEntry 9 }
tCpmMacFltrEntryDot1pValue OBJECT-TYPE
SYNTAX Dot1PPriority
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Filtering on dot1p bits is currently not offered on cpm-mac filters.
All set actions on this object will therefore be ignored."
DEFVAL { -1 }
::= { tCpmMacFilterEntry 10 }
tCpmMacFltrEntryDot1pMask OBJECT-TYPE
SYNTAX Dot1PPriorityMask
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"Filtering on dot1p bits is currently not offered on cpm-mac filters.
All set actions on this object will therefore be ignored."
DEFVAL { 0 }
::= { tCpmMacFilterEntry 11 }
tCpmMacFltrEntryDsap OBJECT-TYPE
SYNTAX ServiceAccessPoint
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntryDsap specifies the MAC DSAP to
match for this MAC filter entry. This object has no significance if
the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
DEFVAL { -1 }
::= { tCpmMacFilterEntry 12 }
tCpmMacFltrEntryDsapMask OBJECT-TYPE
SYNTAX ServiceAccessPoint
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntryDsapMask specifies the MAC
DSAP mask for this MAC filter entry. This object has no significance
if the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
DEFVAL { -1 }
::= { tCpmMacFilterEntry 13 }
tCpmMacFltrEntrySrcMAC OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntrySrcMAC specifies the source
MAC to match for this policy MAC filter entry."
DEFVAL { '000000000000'H }
::= { tCpmMacFilterEntry 14 }
tCpmMacFltrEntrySrcMACMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntrySrcMACMask specifies the
source MAC mask value for this policy MAC filter entry. The mask is
ANDed with the MAC to match tCpmMacFltrEntrySrcMAC. A zero bit means
ignore this bit, do not match. A one bit means match this bit with
tCpmMacFltrEntrySrcMAC. Use the value 00-00-00-00-00-00 to disable
this filter criteria."
DEFVAL { '000000000000'H }
::= { tCpmMacFilterEntry 15 }
tCpmMacFltrEntryDstMAC OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntryDstMAC specifies the
Destination MAC mask value for this policy MAC filter entry."
DEFVAL { '000000000000'H }
::= { tCpmMacFilterEntry 16 }
tCpmMacFltrEntryDstMACMask OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntryDstMACMask specifies
the destination MAC mask value for this policy MAC filter entry.
The mask is ANDed with the MAC to match tCpmMacFltrEntryDstMAC.
A zero bit means ignore this bit, do not match. a one bit means
match this bit with tCpmMacFltrEntryDstMAC.
Use the value 00-00-00-00-00-00 to disable this filter criteria."
DEFVAL { '000000000000'H }
::= { tCpmMacFilterEntry 17 }
tCpmMacFltrEntryEtherType OBJECT-TYPE
SYNTAX Integer32 (-1 | 1536..65535)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntryEtherType specifies the
Ethertype for this MAC filter entry. Use -1 to disable matching by
this criteria. This object has no significance if the object
tCpmMacFltrEntryFrameType is not set to Ethernet_II."
DEFVAL { -1 }
::= { tCpmMacFilterEntry 18 }
tCpmMacFltrEntrySsap OBJECT-TYPE
SYNTAX ServiceAccessPoint
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntrySsap specifies the MAC SSAP to
match for this MAC filter entry. This object has no significance if
the object tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
DEFVAL { -1 }
::= { tCpmMacFilterEntry 21 }
tCpmMacFltrEntrySsapMask OBJECT-TYPE
SYNTAX ServiceAccessPoint
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntrySsapMask specifies the MAC
SSAP mask for this MAC filter entry. Use 0 to disable matching by this
criteria. This object has no significance if the object
tCpmMacFltrEntryFrameType is not set to 802dot2LLC."
DEFVAL { -1 }
::= { tCpmMacFilterEntry 22 }
tCpmMacFltrEntryCfmOpCodeOper OBJECT-TYPE
SYNTAX TOperator
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntryCfmOpCodeOper specifies which
type of opcode checking is to be performed. If different from none,
more info is provided in the objects tCpmMacFltrEntryCfmOpCodeValue1
and tCpmMacFltrEntryCfmOpCodeValue2. This object has significance only
if the object tCpmMacFltrEntryFrameType refers to either ieee802.1ag
or Y1731."
DEFVAL { none }
::= { tCpmMacFilterEntry 23 }
tCpmMacFltrEntryCfmOpCodeValue1 OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntryCfmOpCodeValue1 specifies a
cfm opcode. The value of this object is used as per the description
for tCpmMacFltrEntryCfmOpCodeOper."
DEFVAL { 0 }
::= { tCpmMacFilterEntry 24 }
tCpmMacFltrEntryCfmOpCodeValue2 OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tCpmMacFltrEntryCfmOpCodeValue2 specifies a
cfm opcode. The value of this object is used as per the description
for tCpmMacFltrEntryCfmOpCodeOper."
DEFVAL { 0 }
::= { tCpmMacFilterEntry 25 }
tCpmMacFltrEntryLogCreated OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmMacFltrEntryLogCreated indicates whether the filter
log for this filter entry has been instantiated."
::= { tCpmMacFilterEntry 26 }
tCpmMacFilterStatsTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmMacFilterStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmMacFilterStatsTable has a stats entry of the CPM Mac filter
configured on this system.
This table is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5'."
::= { tmnxCpmSecurityObjs 26 }
tCpmMacFilterStatsEntry OBJECT-TYPE
SYNTAX TCpmMacFilterStatsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the statistics related to the
tCpmMacFilterEntry indexed by the same tCpmMacFltrEntryId. Entries are
created when tCpmMacFilterEntry rows are created."
INDEX { tCpmMacFltrEntryId }
::= { tCpmMacFilterStatsTable 1 }
TCpmMacFilterStatsEntry ::= SEQUENCE
{
tCpmMacFilterStatsDroppedPkts Counter64,
tCpmMacFilterStatsForwardedPkts Counter64
}
tCpmMacFilterStatsDroppedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmMacFilterStatsDroppedPkts indicates the number of
packets dropped due to the tCpmMacFilterEntry with the same index."
::= { tCpmMacFilterStatsEntry 1 }
tCpmMacFilterStatsForwardedPkts OBJECT-TYPE
SYNTAX Counter64
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmMacFilterStatsForwardedPkts indicates the number of
packets forwarded due to the tCpmMacFilterEntry with the same index."
::= { tCpmMacFilterStatsEntry 2 }
tmnxCpmProtAllowShamLinkPackets OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxCpmProtAllowShamLinkPackets specifies whether OSPF
sham-link traffic will be allowed over VPRN transport tunnels.
When the value of this object is set to 'true (1)', OSPF sham-link
traffic will be allowed even if OSPF is not configured. When the value
of this object is set to 'false (2)', OSPF sham-link traffic is
dropped if it is received on an interface where the protocol is not
configured.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { false }
::= { tmnxCpmSecurityObjs 27 }
tmnxCpmProtViolVdoSvcTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtViolVdoSvcEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxCpmProtViolVdoSvcTable has an entry for each client address of
a RTCP control traffic in VPLS service where the per-source rate limit
was violated."
::= { tmnxCpmSecurityObjs 28 }
tmnxCpmProtViolVdoSvcEntry OBJECT-TYPE
SYNTAX TmnxCpmProtViolVdoSvcEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the information related to a client address
of a RTCP control traffic in VPLS service where the per-source rate
limit was violated.
Rows are created or removed automatically by the system."
INDEX {
svcId,
tmnxCpmProtViolVdoSvcCltAddrType,
tmnxCpmProtViolVdoSvcCltAddr
}
::= { tmnxCpmProtViolVdoSvcTable 1 }
TmnxCpmProtViolVdoSvcEntry ::= SEQUENCE
{
tmnxCpmProtViolVdoSvcCltAddrType InetAddressType,
tmnxCpmProtViolVdoSvcCltAddr InetAddress,
tmnxCpmProtViolVdoSvcPeriods Gauge32,
tmnxCpmProtViolVdoSvcTimeStarted TimeStamp,
tmnxCpmProtViolVdoSvcTime TimeStamp,
tmnxCpmProtViolVdoSvcVrtrIfIndex InterfaceIndex
}
tmnxCpmProtViolVdoSvcCltAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoSvcCltAddrType indicates the type of
address represented by tmnxCpmProtViolVdoSvcCltAddr."
::= { tmnxCpmProtViolVdoSvcEntry 1 }
tmnxCpmProtViolVdoSvcCltAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoSvcCltAddr indicates the client IP
address of a RTCP control traffic in VPLS service where the per-source
rate limit was violated."
::= { tmnxCpmProtViolVdoSvcEntry 2 }
tmnxCpmProtViolVdoSvcPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoSvcPeriods indicates the number of
times the per-source rate limit violation was detected for this
client.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtViolVdoSvcEntry 3 }
tmnxCpmProtViolVdoSvcTimeStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoSvcTimeStarted indicates the sysUpTime
at the time of the creation of this entry."
::= { tmnxCpmProtViolVdoSvcEntry 4 }
tmnxCpmProtViolVdoSvcTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoSvcTime indicates the sysUpTime at the
time of the last update of this entry."
::= { tmnxCpmProtViolVdoSvcEntry 5 }
tmnxCpmProtViolVdoSvcVrtrIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoSvcVrtrIfIndex specifies the secondary
index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video
interface where the per-source rate limit was violated. The value of
primary index TIMETRA-VRTR-MIB::vRtrIfTable will be equal to the
virtual router identifier of vpls-management which is 4094."
::= { tmnxCpmProtViolVdoSvcEntry 6 }
tmnxCpmProtViolVdoVrtrTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtViolVdoVrtrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxCpmProtViolVdoVrtrTable has an entry for each client address
of a RTCP control traffic in router context where the per-source rate
limit was violated."
::= { tmnxCpmSecurityObjs 29 }
tmnxCpmProtViolVdoVrtrEntry OBJECT-TYPE
SYNTAX TmnxCpmProtViolVdoVrtrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the information related to a client address
of a RTCP control traffic in router context where the per-source rate
limit was violated.
Rows are created or removed automatically by the system."
INDEX {
vRtrID,
tmnxCpmProtViolVdoVrtrCltAdrType,
tmnxCpmProtViolVdoVrtrCltAddr
}
::= { tmnxCpmProtViolVdoVrtrTable 1 }
TmnxCpmProtViolVdoVrtrEntry ::= SEQUENCE
{
tmnxCpmProtViolVdoVrtrCltAdrType InetAddressType,
tmnxCpmProtViolVdoVrtrCltAddr InetAddress,
tmnxCpmProtViolVdoVrtrPeriods Gauge32,
tmnxCpmProtViolVdoVrtrTimeStart TimeStamp,
tmnxCpmProtViolVdoVrtrTime TimeStamp,
tmnxCpmProtViolVdoVrtrSvcId TmnxServId,
tmnxCpmProtViolVdoVrtrIfIndex InterfaceIndex
}
tmnxCpmProtViolVdoVrtrCltAdrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoVrtrCltAdrType indicates the type of
address represented by tmnxCpmProtViolVdoVrtrCltAddr."
::= { tmnxCpmProtViolVdoVrtrEntry 1 }
tmnxCpmProtViolVdoVrtrCltAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoVrtrCltAddr indicates the client IP
address of a RTCP control traffic in router context where the
per-source rate limit was violated."
::= { tmnxCpmProtViolVdoVrtrEntry 2 }
tmnxCpmProtViolVdoVrtrPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoVrtrPeriods indicates the number of
times the per-source rate limit violation was detected for this
client.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtViolVdoVrtrEntry 3 }
tmnxCpmProtViolVdoVrtrTimeStart OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoVrtrTimeStart indicates the sysUpTime
at the time of the creation of this entry."
::= { tmnxCpmProtViolVdoVrtrEntry 4 }
tmnxCpmProtViolVdoVrtrTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoVrtrTime indicates the sysUpTime at the
time of the last update of this entry."
::= { tmnxCpmProtViolVdoVrtrEntry 5 }
tmnxCpmProtViolVdoVrtrSvcId OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoVrtrSvcId indicates the row index in
the TIMETRA-SERV-MIB::svcBaseInfoTable corresponding to the service
where the per-source rate limit was violated."
::= { tmnxCpmProtViolVdoVrtrEntry 6 }
tmnxCpmProtViolVdoVrtrIfIndex OBJECT-TYPE
SYNTAX InterfaceIndex
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolVdoVrtrIfIndex specifies the secondary
index in the TIMETRA-VRTR-MIB::vRtrIfTable corresponding to the video
interface where the per-source rate limit was violated. The value of
vRtrID specifies the primary index in the
TIMETRA-VRTR-MIB::vRtrIfTable."
::= { tmnxCpmProtViolVdoVrtrEntry 7 }
tmnxCpmProtEthCfmPolTableLastChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtEthCfmPolTableLastChg indicates the value of
the sysUpTime object when the last change was made to
tmnxCpmProtEthCfmPolTable. A value of 0 indicates that no changes were
made to tmnxCpmProtEthCfmPolTable since the system was last
initialized."
::= { tmnxCpmSecurityObjs 30 }
tmnxCpmProtEthCfmPolTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtEthCfmPolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCpmProtEthCfmPolTable contains configurable rules (similar to an
Access Control List) used to rate limit the flow of Ethernet
Connectivity Fault Management packets. The table can be used to
minimize the impact of an Eth-CFM Denial of Service attack.
The table extends tmnxCpmProtPolTable, by allowing several
<rate-limit, eth-cfm-level, eth-cfm-opcode> triples to be defined for
a CPM protection policy.
For example, tmnxCpmProtEthCfmPolTable could contain the following
information (where the column labels for the table's index objects are
in upper case):
POLICY ID ENTRY NUM Level Opcode Rate Limit
--------- --------- ----- ------ ----------
250 10 {4} {10} 100 packets/sec
250 20 {4,6} {1,3} 200 packets/sec
250 30 {0-7} {0-255} 300 packets/sec
{0-7} indicates {0, 1, 2, 3, 4, 5, 6, 7}.
Suppose the example configuration above is in place, and an Eth-CFM
PDU arrives on a SAP which has Policy ID 250 configured against it.
If the PDU contains level=4 and opcode=1, the 200 packets/sec rate
limit is applied. Within a Policy ID, the first row (i.e.
the row with the lowest entry number) matching the PDU applies.
Therefore, the third row in the example applies a 300 packets/sec
limit to any PDU which does not match the first or second row.
At most four Policy IDs can have rows in this table. At most 10 rows
are supported per Policy ID.
If the user chooses well-spaced tmnxCpmProtEthCfmPolEntryNum values
(e.g. 10, 20, 30) when initially creating the rows for a particular
tmnxCpmProtPolicyId, it will be possible to add rows in the gaps
later, without reconfiguration.
A prerequisite for creating a row in this table: a row with the same
tmnxCpmProtPolicyId must exist in tmnxCpmProtPolTable. Deleting a row
in tmnxCpmProtPolTable deletes all the rows in this table with
matching tmnxCpmProtPolicyId values."
REFERENCE
"ITU-T Y.1731 Specification, 02/2008"
::= { tmnxCpmSecurityObjs 31 }
tmnxCpmProtEthCfmPolEntry OBJECT-TYPE
SYNTAX TmnxCpmProtEthCfmPolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row specifies a set of Ethernet CFM packets to be rate limited,
and the associated rate limit.
Table rows are created and destroyed using
tmnxCpmProtEthCfmPolRowStatus."
INDEX {
tmnxCpmProtPolicyId,
tmnxCpmProtEthCfmPolEntryNum
}
::= { tmnxCpmProtEthCfmPolTable 1 }
TmnxCpmProtEthCfmPolEntry ::= SEQUENCE
{
tmnxCpmProtEthCfmPolEntryNum Unsigned32,
tmnxCpmProtEthCfmPolRowStatus RowStatus,
tmnxCpmProtEthCfmPolLastChanged TimeStamp,
tmnxCpmProtEthCfmPolLevelSet BITS,
tmnxCpmProtEthCfmPolOpCodeSet BITS,
tmnxCpmProtEthCfmPolRateLimit TmnxCpmPktPolRateLimitInclZero
}
tmnxCpmProtEthCfmPolEntryNum OBJECT-TYPE
SYNTAX Unsigned32 (1..100)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtEthCfmPolEntryNum specifies a user-selected
entry number. This index exists to allow multiple
tmnxCpmProtEthCfmPolTable rows for one tmnxCpmProtPolicyId."
::= { tmnxCpmProtEthCfmPolEntry 1 }
tmnxCpmProtEthCfmPolRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtEthCfmPolRowStatus specifies the row status of
this tmnxCpmProtEthCfmPolEntry."
::= { tmnxCpmProtEthCfmPolEntry 2 }
tmnxCpmProtEthCfmPolLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtEthCfmPolLastChanged indicates the value of
the sysUpTime object when the last change was made to this row. A
value of 0 indicates that no changes were made to this row since the
system was last initialized."
::= { tmnxCpmProtEthCfmPolEntry 3 }
tmnxCpmProtEthCfmPolLevelSet OBJECT-TYPE
SYNTAX BITS {
level0 (0),
level1 (1),
level2 (2),
level3 (3),
level4 (4),
level5 (5),
level6 (6),
level7 (7)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtEthCfmPolLevelSet specifies a set of MEG
(Maintenance Entity Group) Level values. At least one Level must be
specified (i.e. the empty set is not supported).
The rate limit specified by tmnxCpmProtEthCfmPolRateLimit applies to an
Eth-CFM PDU if:
a) tmnxCpmProtPolicyId is configured against the PDU stream containing
the PDU, and
b) the PDU's MEL (MEG Level) value is an element of
tmnxCpmProtEthCfmPolLevelSet, and
c) the PDU's Opcode value is an element of
tmnxCpmProtEthCfmPolOpCodeSet."
::= { tmnxCpmProtEthCfmPolEntry 4 }
tmnxCpmProtEthCfmPolOpCodeSet OBJECT-TYPE
SYNTAX BITS {
opCode0 (0),
opCode1 (1),
opCode2 (2),
opCode3 (3),
opCode4 (4),
opCode5 (5),
opCode6 (6),
opCode7 (7),
opCode8 (8),
opCode9 (9),
opCode10 (10),
opCode11 (11),
opCode12 (12),
opCode13 (13),
opCode14 (14),
opCode15 (15),
opCode16 (16),
opCode17 (17),
opCode18 (18),
opCode19 (19),
opCode20 (20),
opCode21 (21),
opCode22 (22),
opCode23 (23),
opCode24 (24),
opCode25 (25),
opCode26 (26),
opCode27 (27),
opCode28 (28),
opCode29 (29),
opCode30 (30),
opCode31 (31),
opCode32 (32),
opCode33 (33),
opCode34 (34),
opCode35 (35),
opCode36 (36),
opCode37 (37),
opCode38 (38),
opCode39 (39),
opCode40 (40),
opCode41 (41),
opCode42 (42),
opCode43 (43),
opCode44 (44),
opCode45 (45),
opCode46 (46),
opCode47 (47),
opCode48 (48),
opCode49 (49),
opCode50 (50),
opCode51 (51),
opCode52 (52),
opCode53 (53),
opCode54 (54),
opCode55 (55),
opCode56 (56),
opCode57 (57),
opCode58 (58),
opCode59 (59),
opCode60 (60),
opCode61 (61),
opCode62 (62),
opCode63 (63),
opCode64 (64),
opCode65 (65),
opCode66 (66),
opCode67 (67),
opCode68 (68),
opCode69 (69),
opCode70 (70),
opCode71 (71),
opCode72 (72),
opCode73 (73),
opCode74 (74),
opCode75 (75),
opCode76 (76),
opCode77 (77),
opCode78 (78),
opCode79 (79),
opCode80 (80),
opCode81 (81),
opCode82 (82),
opCode83 (83),
opCode84 (84),
opCode85 (85),
opCode86 (86),
opCode87 (87),
opCode88 (88),
opCode89 (89),
opCode90 (90),
opCode91 (91),
opCode92 (92),
opCode93 (93),
opCode94 (94),
opCode95 (95),
opCode96 (96),
opCode97 (97),
opCode98 (98),
opCode99 (99),
opCode100 (100),
opCode101 (101),
opCode102 (102),
opCode103 (103),
opCode104 (104),
opCode105 (105),
opCode106 (106),
opCode107 (107),
opCode108 (108),
opCode109 (109),
opCode110 (110),
opCode111 (111),
opCode112 (112),
opCode113 (113),
opCode114 (114),
opCode115 (115),
opCode116 (116),
opCode117 (117),
opCode118 (118),
opCode119 (119),
opCode120 (120),
opCode121 (121),
opCode122 (122),
opCode123 (123),
opCode124 (124),
opCode125 (125),
opCode126 (126),
opCode127 (127),
opCode128 (128),
opCode129 (129),
opCode130 (130),
opCode131 (131),
opCode132 (132),
opCode133 (133),
opCode134 (134),
opCode135 (135),
opCode136 (136),
opCode137 (137),
opCode138 (138),
opCode139 (139),
opCode140 (140),
opCode141 (141),
opCode142 (142),
opCode143 (143),
opCode144 (144),
opCode145 (145),
opCode146 (146),
opCode147 (147),
opCode148 (148),
opCode149 (149),
opCode150 (150),
opCode151 (151),
opCode152 (152),
opCode153 (153),
opCode154 (154),
opCode155 (155),
opCode156 (156),
opCode157 (157),
opCode158 (158),
opCode159 (159),
opCode160 (160),
opCode161 (161),
opCode162 (162),
opCode163 (163),
opCode164 (164),
opCode165 (165),
opCode166 (166),
opCode167 (167),
opCode168 (168),
opCode169 (169),
opCode170 (170),
opCode171 (171),
opCode172 (172),
opCode173 (173),
opCode174 (174),
opCode175 (175),
opCode176 (176),
opCode177 (177),
opCode178 (178),
opCode179 (179),
opCode180 (180),
opCode181 (181),
opCode182 (182),
opCode183 (183),
opCode184 (184),
opCode185 (185),
opCode186 (186),
opCode187 (187),
opCode188 (188),
opCode189 (189),
opCode190 (190),
opCode191 (191),
opCode192 (192),
opCode193 (193),
opCode194 (194),
opCode195 (195),
opCode196 (196),
opCode197 (197),
opCode198 (198),
opCode199 (199),
opCode200 (200),
opCode201 (201),
opCode202 (202),
opCode203 (203),
opCode204 (204),
opCode205 (205),
opCode206 (206),
opCode207 (207),
opCode208 (208),
opCode209 (209),
opCode210 (210),
opCode211 (211),
opCode212 (212),
opCode213 (213),
opCode214 (214),
opCode215 (215),
opCode216 (216),
opCode217 (217),
opCode218 (218),
opCode219 (219),
opCode220 (220),
opCode221 (221),
opCode222 (222),
opCode223 (223),
opCode224 (224),
opCode225 (225),
opCode226 (226),
opCode227 (227),
opCode228 (228),
opCode229 (229),
opCode230 (230),
opCode231 (231),
opCode232 (232),
opCode233 (233),
opCode234 (234),
opCode235 (235),
opCode236 (236),
opCode237 (237),
opCode238 (238),
opCode239 (239),
opCode240 (240),
opCode241 (241),
opCode242 (242),
opCode243 (243),
opCode244 (244),
opCode245 (245),
opCode246 (246),
opCode247 (247),
opCode248 (248),
opCode249 (249),
opCode250 (250),
opCode251 (251),
opCode252 (252),
opCode253 (253),
opCode254 (254),
opCode255 (255)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtEthCfmPolOpCodeSet specifies a set of Eth-CFM
PDU Opcode values to be matched against the Opcode field of an Eth-CFM
PDU which is subject to rate limiting. At least one Opcode must be
specified (i.e. the empty set is not supported).
This object works in conjunction with tmnxCpmProtEthCfmPolLevelSet, as
described in the tmnxCpmProtEthCfmPolLevelSet DESCRIPTION."
::= { tmnxCpmProtEthCfmPolEntry 5 }
tmnxCpmProtEthCfmPolRateLimit OBJECT-TYPE
SYNTAX TmnxCpmPktPolRateLimitInclZero
UNITS "packets per second"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtEthCfmPolRateLimit specifies the rate limit to
be enforced for the Eth-CFM packet stream specified by
tmnxCpmProtPolicyId, tmnxCpmProtEthCfmPolLevelSet, and
tmnxCpmProtEthCfmPolOpCodeSet."
DEFVAL { -1 }
::= { tmnxCpmProtEthCfmPolEntry 6 }
tmnxCpmProtViolSdpBindTblLastChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolSdpBindTblLastChg indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtViolSdpBindTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object is zero."
::= { tmnxCpmSecurityObjs 32 }
tmnxCpmProtViolSdpBindTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtViolSdpBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCpmProtViolSdpBindTable has a row for each SDP binding, where the
overall packet arrival rate limit was violated."
::= { tmnxCpmSecurityObjs 33 }
tmnxCpmProtViolSdpBindEntry OBJECT-TYPE
SYNTAX TmnxCpmProtViolSdpBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains the statistics for an SDP binding where the overall
packet arrival rate limit was violated.
Rows are created or removed automatically by the system."
INDEX {
svcId,
sdpBindId
}
::= { tmnxCpmProtViolSdpBindTable 1 }
TmnxCpmProtViolSdpBindEntry ::= SEQUENCE
{
tmnxCpmProtViolSdpBindPeriods Counter32,
tmnxCpmProtViolSdpBindTimeStartd TimeStamp,
tmnxCpmProtViolSdpBindTime TimeStamp
}
tmnxCpmProtViolSdpBindPeriods OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolSdpBindPeriods indicates the number of
times a rate limit violation was detected at this SDP binding.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtViolSdpBindEntry 1 }
tmnxCpmProtViolSdpBindTimeStartd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolSdpBindTimeStartd indicates the sysUpTime
at the time of the creation of this entry."
::= { tmnxCpmProtViolSdpBindEntry 2 }
tmnxCpmProtViolSdpBindTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolSdpBindTime indicates the sysUpTime at the
time of the last update of this entry."
::= { tmnxCpmProtViolSdpBindEntry 3 }
tmnxCpmProtExcdSdpBindTblLastChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindTblLastChg indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtExcdSdpBindTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object is zero."
::= { tmnxCpmSecurityObjs 34 }
tmnxCpmProtExcdSdpBindTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtExcdSdpBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCpmProtExcdSdpBindTable has a row for each SDP binding and source
MAC address pair that has exceeded its per-source rate limit. The
equivalent table for SAPs is tmnxCpmProtExcdTable."
::= { tmnxCpmSecurityObjs 35 }
tmnxCpmProtExcdSdpBindEntry OBJECT-TYPE
SYNTAX TmnxCpmProtExcdSdpBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains the statistics for a PDU stream that has exceeded
its per-source rate limit.
Rows are created or removed automatically by the system."
INDEX {
svcId,
sdpBindId,
tmnxCpmProtExcdSdpBindMac
}
::= { tmnxCpmProtExcdSdpBindTable 1 }
TmnxCpmProtExcdSdpBindEntry ::= SEQUENCE
{
tmnxCpmProtExcdSdpBindMac MacAddress,
tmnxCpmProtExcdSdpBindPeriods Counter32,
tmnxCpmProtExcdSdpBindTimeStartd TimeStamp,
tmnxCpmProtExcdSdpBindTime TimeStamp
}
tmnxCpmProtExcdSdpBindMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindMac specifies the MAC address of
the source."
::= { tmnxCpmProtExcdSdpBindEntry 1 }
tmnxCpmProtExcdSdpBindPeriods OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindPeriods indicates the number of
times a per-source rate limit violation was detected for this source.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtExcdSdpBindEntry 2 }
tmnxCpmProtExcdSdpBindTimeStartd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindTimeStartd indicates the sysUpTime
at the time of the creation of this entry."
::= { tmnxCpmProtExcdSdpBindEntry 3 }
tmnxCpmProtExcdSdpBindTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindTime indicates the sysUpTime at the
time of the last update of this entry."
::= { tmnxCpmProtExcdSdpBindEntry 4 }
tmnxCpmProtExcdSdpBindEcmTblLChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindEcmTblLChg indicates the sysUpTime
at the time of the last modification of an entry in the
tmnxCpmProtExcdSdpBindEcmTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object is zero."
::= { tmnxCpmSecurityObjs 36 }
tmnxCpmProtExcdSdpBindEcmTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtExcdSdpBindEcmEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCpmProtExcdSdpBindEcmTable has a row for each Ethernet
Connectivity Fault Management (Eth-CFM) PDU stream, served by an SDP
binding, that has exceeded its Eth-CFM rate limit."
::= { tmnxCpmSecurityObjs 37 }
tmnxCpmProtExcdSdpBindEcmEntry OBJECT-TYPE
SYNTAX TmnxCpmProtExcdSdpBindEcmEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains the statistics for an Eth-CFM PDU stream that has
exceeded its Eth-CFM rate limit.
Rows are created or removed automatically by the system."
INDEX {
svcId,
sdpBindId,
tmnxCpmProtExcdSdpBindEcmMac,
tmnxCpmProtExcdSdpBindEcmLevel,
tmnxCpmProtExcdSdpBindEcmOpCode
}
::= { tmnxCpmProtExcdSdpBindEcmTable 1 }
TmnxCpmProtExcdSdpBindEcmEntry ::= SEQUENCE
{
tmnxCpmProtExcdSdpBindEcmMac MacAddress,
tmnxCpmProtExcdSdpBindEcmLevel Dot1agCfmMDLevel,
tmnxCpmProtExcdSdpBindEcmOpCode TmnxCpmProtEthCfmOpCode,
tmnxCpmProtExcdSdpBindEcmPeriods Counter32,
tmnxCpmProtExcdSdpBindEcmStarted TimeStamp,
tmnxCpmProtExcdSdpBindEcmTime TimeStamp
}
tmnxCpmProtExcdSdpBindEcmMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindEcmMac specifies a source MAC
address. The Eth-CFM PDU stream matching the MAC address (and
matching the other index values of this table) has exceeded its
Eth-CFM rate limit.
The manager must provide the all-zero MAC address to get a row for a
stream which is Eth-CFM rate limited using the
'ethCfmMonitorAggregate(1)' option of the
sdpBindCpmProtEthCfmMonitorFlags object."
::= { tmnxCpmProtExcdSdpBindEcmEntry 1 }
tmnxCpmProtExcdSdpBindEcmLevel OBJECT-TYPE
SYNTAX Dot1agCfmMDLevel
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindEcmLevel specifies an Eth-CFM domain
level. The Eth-CFM PDU stream matching the domain level (and matching
the other index values of this table) has exceeded its Eth-CFM rate
limit."
::= { tmnxCpmProtExcdSdpBindEcmEntry 2 }
tmnxCpmProtExcdSdpBindEcmOpCode OBJECT-TYPE
SYNTAX TmnxCpmProtEthCfmOpCode
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindEcmOpCode specifies an Eth-CFM
opcode (e.g. Continuity Check Message == 1). The Eth-CFM PDU stream
matching the opcode (and matching the other index values of this table)
has exceeded its Eth-CFM rate limit."
::= { tmnxCpmProtExcdSdpBindEcmEntry 3 }
tmnxCpmProtExcdSdpBindEcmPeriods OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindEcmPeriods indicates the number of
times a rate limit violation was detected for this source.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtExcdSdpBindEcmEntry 4 }
tmnxCpmProtExcdSdpBindEcmStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindEcmStarted indicates the sysUpTime
at the time of the creation of this entry."
::= { tmnxCpmProtExcdSdpBindEcmEntry 5 }
tmnxCpmProtExcdSdpBindEcmTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindEcmTime indicates the sysUpTime at
the time of the last update of this entry."
::= { tmnxCpmProtExcdSdpBindEcmEntry 6 }
tmnxCpmProtExcdSapEcmTblLChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapEcmTblLChg indicates the sysUpTime at
the time of the last modification of an entry in the
tmnxCpmProtExcdSapEcmTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object is zero."
::= { tmnxCpmSecurityObjs 38 }
tmnxCpmProtExcdSapEcmTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtExcdSapEcmEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCpmProtExcdSapEcmTable has a row for each Ethernet Connectivity
Fault Management (Eth-CFM) PDU stream, served by a SAP, that has
exceeded its Eth-CFM rate limit."
::= { tmnxCpmSecurityObjs 39 }
tmnxCpmProtExcdSapEcmEntry OBJECT-TYPE
SYNTAX TmnxCpmProtExcdSapEcmEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains the statistics for an Eth-CFM PDU stream that has
exceeded its Eth-CFM rate limit.
Rows are created or removed automatically by the system."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxCpmProtExcdSapEcmMac,
tmnxCpmProtExcdSapEcmLevel,
tmnxCpmProtExcdSapEcmOpCode
}
::= { tmnxCpmProtExcdSapEcmTable 1 }
TmnxCpmProtExcdSapEcmEntry ::= SEQUENCE
{
tmnxCpmProtExcdSapEcmMac MacAddress,
tmnxCpmProtExcdSapEcmLevel Dot1agCfmMDLevel,
tmnxCpmProtExcdSapEcmOpCode TmnxCpmProtEthCfmOpCode,
tmnxCpmProtExcdSapEcmPeriods Counter32,
tmnxCpmProtExcdSapEcmStarted TimeStamp,
tmnxCpmProtExcdSapEcmTime TimeStamp
}
tmnxCpmProtExcdSapEcmMac OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapEcmMac specifies a source MAC
address. The Eth-CFM PDU stream matching the MAC address (and
matching the other index values of this table) has exceeded its
Eth-CFM rate limit.
The manager must provide the all-zero MAC address to get a row for a
stream which is Eth-CFM rate limited using the
'ethCfmMonitorAggregate(1)' option of the sapCpmProtEthCfmMonitorFlags
object."
::= { tmnxCpmProtExcdSapEcmEntry 1 }
tmnxCpmProtExcdSapEcmLevel OBJECT-TYPE
SYNTAX Dot1agCfmMDLevel
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapEcmLevel specifies an Eth-CFM domain
level. The Eth-CFM PDU stream matching the domain level (and matching
the other index values of this table) has exceeded its Eth-CFM rate
limit."
::= { tmnxCpmProtExcdSapEcmEntry 2 }
tmnxCpmProtExcdSapEcmOpCode OBJECT-TYPE
SYNTAX TmnxCpmProtEthCfmOpCode
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapEcmOpCode specifies an Eth-CFM opcode
(e.g. Continuity Check Message == 1). The Eth-CFM PDU stream matching
the opcode (and matching the other index values of this table) has
exceeded its Eth-CFM rate limit."
::= { tmnxCpmProtExcdSapEcmEntry 3 }
tmnxCpmProtExcdSapEcmPeriods OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapEcmPeriods indicates the number of
times a rate limit violation was detected for this source.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtExcdSapEcmEntry 4 }
tmnxCpmProtExcdSapEcmStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapEcmStarted indicates the sysUpTime at
the time of the creation of this entry."
::= { tmnxCpmProtExcdSapEcmEntry 5 }
tmnxCpmProtExcdSapEcmTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapEcmTime indicates the sysUpTime at the
time of the last update of this entry."
::= { tmnxCpmProtExcdSapEcmEntry 6 }
tmnxCpmVprnNwExceptions OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmVprnNwExceptions specifies whether the MPLS
exception messages are allowed to be received on all VPRN instances.
When the value of tmnxCpmVprnNwExceptions is set to 'true', the MPLS
exception messages are allowed to be received on all VPRN instances in
the system from all network interfaces.
When the value of tmnxCpmVprnNwExceptions is set to 'false', the MPLS
exception messages are not allowed to be received on all VPRN
instances in the system from all network interfaces."
DEFVAL { false }
::= { tmnxCpmSecurityObjs 40 }
tmnxCpmNumVprnNwExceptions OBJECT-TYPE
SYNTAX Unsigned32 (10..1000)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmNumVprnNwExceptions specifies the number of MPLS
exception messages allowed to be received in the time frame specified
by tmnxCpmVprnNwExceptionsTime."
DEFVAL { 100 }
::= { tmnxCpmSecurityObjs 41 }
tmnxCpmVprnNwExceptionsTime OBJECT-TYPE
SYNTAX Unsigned32 (1..60)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmVprnNwExceptionsTime specifies the time frame in
seconds that is used to limit the number of MPLS exception messages
issued per time frame."
DEFVAL { 10 }
::= { tmnxCpmSecurityObjs 42 }
tmnxCpmProtExcdSapIpTableLastChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapIpTableLastChg indicates the sysUpTime
at the time of the last add, change, or delete of a row in the
tmnxCpmProtExcdSapIpTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero."
::= { tmnxCpmSecurityObjs 43 }
tmnxCpmProtExcdSapIpTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtExcdSapIpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCpmProtExcdSapIpTable has a row for each <service ID, SAP, source
IP address> triple that has exceeded the per-source rate limit
configured for the <service ID, SAP> pair. IP layer per-source rate
limiting is enabled for a <service ID, SAP> pair by setting
TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'true'."
::= { tmnxCpmSecurityObjs 44 }
tmnxCpmProtExcdSapIpEntry OBJECT-TYPE
SYNTAX TmnxCpmProtExcdSapIpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains statistics for an IP packet stream that has exceeded
its per-source rate limit.
A row is created by the system the first time a <service ID, SAP,
source IP address> triple exceeds its per-source rate limit. The
row is updated by the system on subsequent violations.
Rows are deleted when a clear operation is requested on the underlying
statistics."
INDEX {
svcId,
sapPortId,
sapEncapValue,
tmnxCpmProtExcdSapIpAddrType,
tmnxCpmProtExcdSapIpAddr
}
::= { tmnxCpmProtExcdSapIpTable 1 }
TmnxCpmProtExcdSapIpEntry ::= SEQUENCE
{
tmnxCpmProtExcdSapIpAddrType InetAddressType,
tmnxCpmProtExcdSapIpAddr InetAddress,
tmnxCpmProtExcdSapIpPeriods Counter32,
tmnxCpmProtExcdSapIpStarted TimeStamp,
tmnxCpmProtExcdSapIpTime TimeStamp
}
tmnxCpmProtExcdSapIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapIpAddrType indicates the address type of
tmnxCpmProtExcdSapIpAddr. 'ipv4(1)' is the only supported value."
::= { tmnxCpmProtExcdSapIpEntry 1 }
tmnxCpmProtExcdSapIpAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapIpAddr indicates the IP address of a
source which has exceeded its per-source rate limit."
::= { tmnxCpmProtExcdSapIpEntry 2 }
tmnxCpmProtExcdSapIpPeriods OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapIpPeriods indicates the number of times
a per-source rate limit violation was detected for this source.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtExcdSapIpEntry 3 }
tmnxCpmProtExcdSapIpStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapIpStarted indicates the sysUpTime at
the time of the creation of this row."
::= { tmnxCpmProtExcdSapIpEntry 4 }
tmnxCpmProtExcdSapIpTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSapIpTime indicates the sysUpTime at the
time of the last update of this row."
::= { tmnxCpmProtExcdSapIpEntry 5 }
tmnxDCpuProtPolicyTblLstChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtPolicyTblLstChg indicates the timestamp of
the last change to the tmnxDCpuProtPolicyTable. A value of 0 indicates
that no changes were made to this table since the system was last
initialized."
::= { tmnxCpmSecurityObjs 45 }
tmnxDCpuProtPolicyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxDCpuProtPolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxDCpuProtPolicyTable has an entry for each Distributed CPU
Protection Policy configured in the system."
::= { tmnxCpmSecurityObjs 46 }
tmnxDCpuProtPolicyEntry OBJECT-TYPE
SYNTAX TmnxDCpuProtPolicyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the configuration information related to a
Distributed CPU Protection Policy."
INDEX { tmnxDCpuProtPolicyName }
::= { tmnxDCpuProtPolicyTable 1 }
TmnxDCpuProtPolicyEntry ::= SEQUENCE
{
tmnxDCpuProtPolicyName TNamedItem,
tmnxDCpuProtPolicyRowStatus RowStatus,
tmnxDCpuProtPolicyLastMdfy TimeStamp,
tmnxDCpuProtPolicyDescr TItemDescription
}
tmnxDCpuProtPolicyName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtPolicyName specifies Distributed CPU
Protection Policy name."
::= { tmnxDCpuProtPolicyEntry 1 }
tmnxDCpuProtPolicyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxDCpuProtPolicyRowStatus object is used to create and delete
rows in the tmnxDCpuProtPolicyTable."
::= { tmnxDCpuProtPolicyEntry 2 }
tmnxDCpuProtPolicyLastMdfy OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxDCpuProtPolicyLastMdfy object indicates the timestamp of the
last change to this row. A value of zero indicates that this row was
not modified since the system was last initialized."
::= { tmnxDCpuProtPolicyEntry 3 }
tmnxDCpuProtPolicyDescr OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtPolicyDescr specifies the user provided
description of this Distributed CPU Protection Policy."
DEFVAL { ''H }
::= { tmnxDCpuProtPolicyEntry 4 }
tmnxDCpuProtStaticPlcrTblLstChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrTblLstChg indicates the timestamp
of the last change to the tmnxDCpuProtStaticPlcrTable. A value of 0
indicates that no changes were made to this table since the system was
last initialized."
::= { tmnxCpmSecurityObjs 47 }
tmnxDCpuProtStaticPlcrTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxDCpuProtStaticPlcrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxDCpuProtStaticPlcrTable has an entry for static-policer
configured for each Distributed CPU Protection Policy identified by
tmnxDCpuProtPolicyName."
::= { tmnxCpmSecurityObjs 48 }
tmnxDCpuProtStaticPlcrEntry OBJECT-TYPE
SYNTAX TmnxDCpuProtStaticPlcrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the configuration information related to
static-policer for Distributed CPU Protection Policy."
INDEX {
tmnxDCpuProtPolicyName,
tmnxDCpuProtStaticPlcrName
}
::= { tmnxDCpuProtStaticPlcrTable 1 }
TmnxDCpuProtStaticPlcrEntry ::= SEQUENCE
{
tmnxDCpuProtStaticPlcrName TNamedItem,
tmnxDCpuProtStaticPlcrRowStatus RowStatus,
tmnxDCpuProtStaticPlcrLastMdfy TimeStamp,
tmnxDCpuProtStaticPlcrDescr TItemDescription,
tmnxDCpuProtStaticPlcrPackets TmnxDistCpuProtPacketRateLimit,
tmnxDCpuProtStaticPlcrWithin Unsigned32,
tmnxDCpuProtStaticPlcrInitDelay Unsigned32,
tmnxDCpuProtStaticPlcrKbps TmnxDistCpuProtRate,
tmnxDCpuProtStaticPlcrMbs TmnxDistCpuProtBurstSize,
tmnxDCpuProtStaticPlcrExdActn TmnxDistCpuProtAction,
tmnxDCpuProtStaticPlcrExdHold TmnxDistCpuProtActionDuration,
tmnxDCpuProtStaticPlcrRateType TmnxDistCpuProtRateType,
tmnxDCpuProtStaticPlcrDectnTime Unsigned32,
tmnxDCpuProtStaticPlcrLogEvent TmnxDistCpuProtLogEventType
}
tmnxDCpuProtStaticPlcrName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrName specifies the static-policer
name for Distributed CPU Protection Policy."
::= { tmnxDCpuProtStaticPlcrEntry 1 }
tmnxDCpuProtStaticPlcrRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxDCpuProtStaticPlcrRowStatus object is used to create and
delete rows in the tmnxDCpuProtStaticPlcrTable."
::= { tmnxDCpuProtStaticPlcrEntry 2 }
tmnxDCpuProtStaticPlcrLastMdfy OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxDCpuProtStaticPlcrLastMdfy object indicates the timestamp of
the last change to this row. A value of zero indicates that this row
was not modified since the system was last initialized."
::= { tmnxDCpuProtStaticPlcrEntry 3 }
tmnxDCpuProtStaticPlcrDescr OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrDescr specifies the user provided
description for this static-policer."
DEFVAL { ''H }
::= { tmnxDCpuProtStaticPlcrEntry 4 }
tmnxDCpuProtStaticPlcrPackets OBJECT-TYPE
SYNTAX TmnxDistCpuProtPacketRateLimit
UNITS "packets per interval"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrPackets specifies the overall
packet arrival rate limit to be applied to all sources of packets.
A default value of -1, specifies an unrestricted packet arrival rate."
DEFVAL { -1 }
::= { tmnxDCpuProtStaticPlcrEntry 5 }
tmnxDCpuProtStaticPlcrWithin OBJECT-TYPE
SYNTAX Unsigned32 (1..32767)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrWithin specifies packets rate
limiting time base."
DEFVAL { 1 }
::= { tmnxDCpuProtStaticPlcrEntry 6 }
tmnxDCpuProtStaticPlcrInitDelay OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
UNITS "packets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrInitDelay specifies the number of
packets allowed in an initial burst or burst after the policer bucket
has drained to zero."
DEFVAL { 0 }
::= { tmnxDCpuProtStaticPlcrEntry 7 }
tmnxDCpuProtStaticPlcrKbps OBJECT-TYPE
SYNTAX TmnxDistCpuProtRate
UNITS "kilobps"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrKbps specifies the limiting rate.
When tmnxDCpuProtStaticPlcrKbps is used, bucket limit in the policer
is initialized to value specified by tmnxDCpuProtStaticPlcrMbs."
DEFVAL { -1 }
::= { tmnxDCpuProtStaticPlcrEntry 8 }
tmnxDCpuProtStaticPlcrMbs OBJECT-TYPE
SYNTAX TmnxDistCpuProtBurstSize
UNITS "bytes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrMbs specifies buffer space
assigned. When tmnxDCpuProtStaticPlcrKbps is used, bucket limit in the
policer is initialized to value specified by
tmnxDCpuProtStaticPlcrMbs."
DEFVAL { -1 }
::= { tmnxDCpuProtStaticPlcrEntry 9 }
tmnxDCpuProtStaticPlcrExdActn OBJECT-TYPE
SYNTAX TmnxDistCpuProtAction
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrExdActn specifies the exceed-action
performed on the incoming packets. When the value of
tmnxDCpuProtStaticPlcrExdActn is set to discard, all packets that are
non-conformant are discarded and when it is set to low-priority, all
packets that are non-conformant are marked as low-priority."
DEFVAL { none }
::= { tmnxDCpuProtStaticPlcrEntry 10 }
tmnxDCpuProtStaticPlcrExdHold OBJECT-TYPE
SYNTAX TmnxDistCpuProtActionDuration
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrExdHold specifies the hold-down
behavior.
When an enforcement policer has marked or discarded one or more
packets and tmnxDCpuProtStaticPlcrExdHold has been specified for the
exceed-action, then the policer will be set into a mark-all or
drop-all mode that causes the policer state to be updated as normal
and also causes all packets to be marked as low-priority or discard
regardless of the results of the policing decisions/actions/state."
DEFVAL { 0 }
::= { tmnxDCpuProtStaticPlcrEntry 11 }
tmnxDCpuProtStaticPlcrRateType OBJECT-TYPE
SYNTAX TmnxDistCpuProtRateType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrRateType specifies the rate type
applied for static-policer specified by tmnxDCpuProtStaticPlcrName.
When the value of tmnxDCpuProtStaticPlcrName is 'packets', the values
of tmnxDCpuProtStaticPlcrKbps and tmnxDCpuProtStaticPlcrMbs are set to
default values.
When the value of tmnxDCpuProtStaticPlcrName is 'kbps', the values of
tmnxDCpuProtStaticPlcrPackets, tmnxDCpuProtStaticPlcrWithin and
tmnxDCpuProtStaticPlcrInitDelay are set to default values."
DEFVAL { packets }
::= { tmnxDCpuProtStaticPlcrEntry 12 }
tmnxDCpuProtStaticPlcrDectnTime OBJECT-TYPE
SYNTAX Unsigned32 (1..128000)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrDectnTime specifies contiguous
conformant period, when a static-policer specified by
tmnxDCpuProtStaticPlcrName is declared in an 'exceed' state."
DEFVAL { 30 }
::= { tmnxDCpuProtStaticPlcrEntry 13 }
tmnxDCpuProtStaticPlcrLogEvent OBJECT-TYPE
SYNTAX TmnxDistCpuProtLogEventType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtStaticPlcrLogEvent controls the creation of
log events related to static policer status and activity."
DEFVAL { enable }
::= { tmnxDCpuProtStaticPlcrEntry 14 }
tmnxDCpuProtLocMonPlcrTblLstChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrTblLstChg indicates the timestamp
of the last change to the tmnxDCpuProtLocMonPlcrTable. A value of 0
indicates that no changes were made to this table since the system was
last initialized."
::= { tmnxCpmSecurityObjs 49 }
tmnxDCpuProtLocMonPlcrTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxDCpuProtLocMonPlcrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxDCpuProtLocMonPlcrTable has an entry for each Distributed CPU
Protection Policy configured in the system."
::= { tmnxCpmSecurityObjs 50 }
tmnxDCpuProtLocMonPlcrEntry OBJECT-TYPE
SYNTAX TmnxDCpuProtLocMonPlcrEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the configuration information related to
Local Monitoring Policer for Distributed CPU Protection Policy."
INDEX {
tmnxDCpuProtPolicyName,
tmnxDCpuProtLocMonPlcrName
}
::= { tmnxDCpuProtLocMonPlcrTable 1 }
TmnxDCpuProtLocMonPlcrEntry ::= SEQUENCE
{
tmnxDCpuProtLocMonPlcrName TNamedItem,
tmnxDCpuProtLocMonPlcrRowStatus RowStatus,
tmnxDCpuProtLocMonPlcrLastMdfy TimeStamp,
tmnxDCpuProtLocMonPlcrDescr TItemDescription,
tmnxDCpuProtLocMonPlcrPackets TmnxDistCpuProtPacketRateLimit,
tmnxDCpuProtLocMonPlcrWithin Unsigned32,
tmnxDCpuProtLocMonPlcrInitDelay Unsigned32,
tmnxDCpuProtLocMonPlcrKbps TmnxDistCpuProtRate,
tmnxDCpuProtLocMonPlcrMbs TmnxDistCpuProtBurstSize,
tmnxDCpuProtLocMonPlcrExcdActn TmnxDistCpuProtAction,
tmnxDCpuProtLocMonPlcrRateType TmnxDistCpuProtRateType,
tmnxDCpuProtLocMonPlcrLogEvent TmnxDistCpuProtLogEventType
}
tmnxDCpuProtLocMonPlcrName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrName specifies the local monitoring
policy name for Distributed CPU Protection Policy."
::= { tmnxDCpuProtLocMonPlcrEntry 1 }
tmnxDCpuProtLocMonPlcrRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxDCpuProtLocMonPlcrRowStatus object is used to create and
delete rows in the tmnxDCpuProtLocMonPlcrTable."
::= { tmnxDCpuProtLocMonPlcrEntry 2 }
tmnxDCpuProtLocMonPlcrLastMdfy OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxDCpuProtLocMonPlcrLastMdfy object indicates the timestamp of
the last change to this row. A value of zero indicates that this row
was not modified since the system was last initialized."
::= { tmnxDCpuProtLocMonPlcrEntry 3 }
tmnxDCpuProtLocMonPlcrDescr OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrDescr specifies the user provided
description of this Distributed CPU Protection Policy."
DEFVAL { ''H }
::= { tmnxDCpuProtLocMonPlcrEntry 4 }
tmnxDCpuProtLocMonPlcrPackets OBJECT-TYPE
SYNTAX TmnxDistCpuProtPacketRateLimit
UNITS "packets per interval"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrPackets specifies the overall
packet arrival rate limit to be applied to all sources of packets.
A default value of -1, specifies an unrestricted packet arrival rate."
DEFVAL { -1 }
::= { tmnxDCpuProtLocMonPlcrEntry 5 }
tmnxDCpuProtLocMonPlcrWithin OBJECT-TYPE
SYNTAX Unsigned32 (1..32767)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrWithin specifies packets rate
limiting time base."
DEFVAL { 1 }
::= { tmnxDCpuProtLocMonPlcrEntry 6 }
tmnxDCpuProtLocMonPlcrInitDelay OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
UNITS "packets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrInitDelay specifies the number of
packets allowed in an initial burst or burst after the policer bucket
has drained to zero."
DEFVAL { 0 }
::= { tmnxDCpuProtLocMonPlcrEntry 7 }
tmnxDCpuProtLocMonPlcrKbps OBJECT-TYPE
SYNTAX TmnxDistCpuProtRate
UNITS "kilobps"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrKbps specifies the limiting rate.
When tmnxDCpuProtLocMonPlcrKbps is used, bucket limit in the policer
is initialized to value specified by tmnxDCpuProtLocMonPlcrMbs."
DEFVAL { -1 }
::= { tmnxDCpuProtLocMonPlcrEntry 8 }
tmnxDCpuProtLocMonPlcrMbs OBJECT-TYPE
SYNTAX TmnxDistCpuProtBurstSize
UNITS "bytes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrMbs specifies buffer space
assigned. When tmnxDCpuProtLocMonPlcrKbps is used, bucket limit in the
policer is initialized to value specified by
tmnxDCpuProtLocMonPlcrMbs."
DEFVAL { -1 }
::= { tmnxDCpuProtLocMonPlcrEntry 9 }
tmnxDCpuProtLocMonPlcrExcdActn OBJECT-TYPE
SYNTAX TmnxDistCpuProtAction
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrExcdActn specifies the
exceed-action performed on the incoming packets. When the value of
tmnxDCpuProtLocMonPlcrExcdActn is set to discard, all packets that are
non-conformant are discarded and when it is set to low-priority, all
packets that are non-conformant are marked as low-priority."
DEFVAL { none }
::= { tmnxDCpuProtLocMonPlcrEntry 10 }
tmnxDCpuProtLocMonPlcrRateType OBJECT-TYPE
SYNTAX TmnxDistCpuProtRateType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrRateType specifies the rate type
applied for local-monitoring-policer specified by
tmnxDCpuProtLocMonPlcrName.
When the value of tmnxDCpuProtLocMonPlcrRateType is 'packets', the
values of tmnxDCpuProtLocMonPlcrKbps and tmnxDCpuProtLocMonPlcrMbs are
set to default values.
When the value of tmnxDCpuProtLocMonPlcrRateType is 'kbps', the values
of tmnxDCpuProtLocMonPlcrPackets, tmnxDCpuProtLocMonPlcrWithin and
tmnxDCpuProtLocMonPlcrInitDelay are set to default values."
DEFVAL { packets }
::= { tmnxDCpuProtLocMonPlcrEntry 11 }
tmnxDCpuProtLocMonPlcrLogEvent OBJECT-TYPE
SYNTAX TmnxDistCpuProtLogEventType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtLocMonPlcrLogEvent controls the creation of
log events related to local-monitoring policer status and activity."
DEFVAL { enable }
::= { tmnxDCpuProtLocMonPlcrEntry 12 }
tmnxDCpuProtProtocolTblLstChg OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolTblLstChg indicates the timestamp of
the last change to the tmnxDCpuProtProtocolTable. A value of 0
indicates that no changes were made to this table since the system was
last initialized."
::= { tmnxCpmSecurityObjs 51 }
tmnxDCpuProtProtocolTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxDCpuProtProtocolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxDCpuProtProtocolTable has an entry for each Distributed CPU
Protection Policy configured in the system."
::= { tmnxCpmSecurityObjs 52 }
tmnxDCpuProtProtocolEntry OBJECT-TYPE
SYNTAX TmnxDCpuProtProtocolEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the configuration information related to
type of Protocol Policer monitored by Distributed CPU Protection
Policy."
INDEX {
tmnxDCpuProtPolicyName,
tmnxDCpuProtProtocol
}
::= { tmnxDCpuProtProtocolTable 1 }
TmnxDCpuProtProtocolEntry ::= SEQUENCE
{
tmnxDCpuProtProtocol TmnxDistCpuProtProtocolId,
tmnxDCpuProtProtocolRowStatus RowStatus,
tmnxDCpuProtProtocolLastMdfy TimeStamp,
tmnxDCpuProtProtocolEnforce TmnxDistCpuProtEnforceType,
tmnxDCpuProtProtocolEnfrcePolNme TNamedItem,
tmnxDCpuProtProtocolDynPackets TmnxDistCpuProtPacketRateLimit,
tmnxDCpuProtProtocolDynWithin Unsigned32,
tmnxDCpuProtProtocolDynInitDly Unsigned32,
tmnxDCpuProtProtocolDynKbps TmnxDistCpuProtRate,
tmnxDCpuProtProtocolDynMbs TmnxDistCpuProtBurstSize,
tmnxDCpuProtProtocolDynDectnTime Unsigned32,
tmnxDCpuProtProtocolDynExdActn TmnxDistCpuProtAction,
tmnxDCpuProtProtocolDynExdHold TmnxDistCpuProtActionDuration,
tmnxDCpuProtProtocolDynRateType TmnxDistCpuProtRateType,
tmnxDCpuProtProtocolDynLogEvent TmnxDistCpuProtLogEventType
}
tmnxDCpuProtProtocol OBJECT-TYPE
SYNTAX TmnxDistCpuProtProtocolId
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocol specifies the
protocol name to be monitored by Distributed CPU Protection Policy."
::= { tmnxDCpuProtProtocolEntry 1 }
tmnxDCpuProtProtocolRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxDCpuProtProtocolRowStatus object is used to create and delete
rows in the tmnxDCpuProtProtocolTable."
::= { tmnxDCpuProtProtocolEntry 2 }
tmnxDCpuProtProtocolLastMdfy OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxDCpuProtProtocolLastMdfy object indicates the timestamp of the
last change to this row. A value of zero indicates that this row was
not modified since the system was last initialized."
::= { tmnxDCpuProtProtocolEntry 3 }
tmnxDCpuProtProtocolEnforce OBJECT-TYPE
SYNTAX TmnxDistCpuProtEnforceType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolEnforce specifies the type of
enforcement policer used."
DEFVAL { dynamic }
::= { tmnxDCpuProtProtocolEntry 4 }
tmnxDCpuProtProtocolEnfrcePolNme OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolEnfrcePolNme specifies the
enforcement policer name."
DEFVAL { "local-mon-bypass" }
::= { tmnxDCpuProtProtocolEntry 5 }
tmnxDCpuProtProtocolDynPackets OBJECT-TYPE
SYNTAX TmnxDistCpuProtPacketRateLimit
UNITS "packets per interval"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynPackets specifies the overall
packet arrival rate limit to be applied to all sources of packets.
A default value of -1, specifies an unrestricted packet arrival rate."
DEFVAL { -1 }
::= { tmnxDCpuProtProtocolEntry 6 }
tmnxDCpuProtProtocolDynWithin OBJECT-TYPE
SYNTAX Unsigned32 (1..32767)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynWithin specifies packets rate
limiting time base."
DEFVAL { 1 }
::= { tmnxDCpuProtProtocolEntry 7 }
tmnxDCpuProtProtocolDynInitDly OBJECT-TYPE
SYNTAX Unsigned32 (0..255)
UNITS "packets"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynInitDly specifies the number of
packets allowed in an initial burst or burst after the policer bucket
has drained to zero."
DEFVAL { 0 }
::= { tmnxDCpuProtProtocolEntry 8 }
tmnxDCpuProtProtocolDynKbps OBJECT-TYPE
SYNTAX TmnxDistCpuProtRate
UNITS "kilobps"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynKbps specifies the limiting rate.
When tmnxDCpuProtProtocolDynKbps is used, bucket limit in the policer
is initialized to value specified by tmnxDCpuProtProtocolDynMbs."
DEFVAL { -1 }
::= { tmnxDCpuProtProtocolEntry 9 }
tmnxDCpuProtProtocolDynMbs OBJECT-TYPE
SYNTAX TmnxDistCpuProtBurstSize
UNITS "bytes"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynMbs specifies buffer space
assigned. When tmnxDCpuProtProtocolDynKbps is used, bucket limit in
the policer is initialized to value specified by
tmnxDCpuProtProtocolDynMbs."
DEFVAL { -1 }
::= { tmnxDCpuProtProtocolEntry 10 }
tmnxDCpuProtProtocolDynDectnTime OBJECT-TYPE
SYNTAX Unsigned32 (1..128000)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynDectnTime specifies contiguous
conformant period of min-enforce-time when dynamic enforcing policer
is instantiated."
DEFVAL { 30 }
::= { tmnxDCpuProtProtocolEntry 11 }
tmnxDCpuProtProtocolDynExdActn OBJECT-TYPE
SYNTAX TmnxDistCpuProtAction
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynExdActn specifies the action
performed on the incoming packets. When the value of
tmnxDCpuProtProtocolDynExdActn is set to discard, all packets that are
non-conformant are discarded and when it is set to low-priority, all
packets that are non-conformant are marked as low-priority."
DEFVAL { none }
::= { tmnxDCpuProtProtocolEntry 12 }
tmnxDCpuProtProtocolDynExdHold OBJECT-TYPE
SYNTAX TmnxDistCpuProtActionDuration
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynExdHold specifies the hold-down
behavior.
When an enforcement policer has marked or discarded one or more
packets and tmnxDCpuProtProtocolDynExdHold has been specified for the
exceed-action, then the policer will be set into a mark-all or
drop-all mode that causes the policer state to be updated as normal
and also causes all packets to be marked as low-priority or discard
regardless of the results of the policing decisions/actions/state."
DEFVAL { 0 }
::= { tmnxDCpuProtProtocolEntry 13 }
tmnxDCpuProtProtocolDynRateType OBJECT-TYPE
SYNTAX TmnxDistCpuProtRateType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynRateType specifies the rate type
applied for the protocol specified by tmnxDCpuProtProtocol.
When the value of tmnxDCpuProtProtocolDynRateType is 'packets', the
values of tmnxDCpuProtProtocolDynKbps and tmnxDCpuProtProtocolDynMbs
are set to default values.
When the value of tmnxDCpuProtProtocolDynRateType is 'kbps', the
values of tmnxDCpuProtProtocolDynPackets,
tmnxDCpuProtProtocolDynWithin and tmnxDCpuProtProtocolDynInitDly are
set to default values."
DEFVAL { packets }
::= { tmnxDCpuProtProtocolEntry 14 }
tmnxDCpuProtProtocolDynLogEvent OBJECT-TYPE
SYNTAX TmnxDistCpuProtLogEventType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxDCpuProtProtocolDynLogEvent controls the creation of
log events related to dynamic enforcement policer status and activity."
DEFVAL { enable }
::= { tmnxDCpuProtProtocolEntry 15 }
tmnxCpmProtBlockPIMTunneled OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxCpmProtBlockPIMTunneled specifies whether to block
extraction and processing of arriving PIM packets inside a tunnel on a
network interface.
When the value of this object is set to 'false (2)', tunneling of PIM
packet will be allowed even if PIM is not configured. When the value
of this object is set to 'true (1)', tunneling of PIM packets is
blocked on an interface where the protocol is not configured.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { false }
::= { tmnxCpmSecurityObjs 53 }
tmnxCpmProtPortRateActionLowPrio OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxCpmProtPortRateActionLowPrio specifies whether to
mark packets as low-priority when port-overall-rate-limit specified by
tmnxCpmProtPortOverallRateLimit is exceeded.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { false }
::= { tmnxCpmSecurityObjs 54 }
tmnxCpmProtIPSrcMonDhcp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtIPSrcMonDhcp specifies whether DHCP protocol
should be included for monitoring of source IP.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { true }
::= { tmnxCpmSecurityObjs 55 }
tmnxCpmProtIPSrcMonGtp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtIPSrcMonGtp specifies whether GTP protocol
should be included for monitoring of source IP.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { false }
::= { tmnxCpmSecurityObjs 56 }
tmnxCpmProtIPSrcMonIcmp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtIPSrcMonIcmp specifies whether ICMP protocol
should be included for monitoring of source IP.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { false }
::= { tmnxCpmSecurityObjs 57 }
tmnxCpmProtIPSrcMonIgmp OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxCpmProtIPSrcMonIgmp specifies whether IGMP protocol
should be included for monitoring of source IP.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
DEFVAL { false }
::= { tmnxCpmSecurityObjs 58 }
tCpmProtOutProfViolIfTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmProtOutProfViolIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmProtOutProfViolIfTable has an entry for each router interface
where the cpu protection policy's out-of-profile rate limit was
violated.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 61 }
tCpmProtOutProfViolIfEntry OBJECT-TYPE
SYNTAX TCpmProtOutProfViolIfEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the information related to a router
interface where the cpu protection policy's out-of-profile rate limit
was violated.
Rows are created or removed automatically by the system."
INDEX {
vRtrID,
vRtrIfIndex
}
::= { tCpmProtOutProfViolIfTable 1 }
TCpmProtOutProfViolIfEntry ::= SEQUENCE
{
tCpmProtOutProfViolIfPeriods Gauge32,
tCpmProtOutProfViolIfTimeStart TimeStamp,
tCpmProtOutProfViolIfTime TimeStamp
}
tCpmProtOutProfViolIfPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolIfPeriods indicates the number of
times the out-of-profile rate limit violation was detected at this
router interface.
The out-of-profile rate limit is indicated by the object
tmnxCpmProtPolOutProfileRate."
::= { tCpmProtOutProfViolIfEntry 1 }
tCpmProtOutProfViolIfTimeStart OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolIfTimeStart indicates the sysUpTime at
the time of the creation of this entry."
::= { tCpmProtOutProfViolIfEntry 2 }
tCpmProtOutProfViolIfTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolIfTime indicates the sysUpTime at the
time of the last modification of this entry."
::= { tCpmProtOutProfViolIfEntry 3 }
tCpmProtOutProfViolSapTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmProtOutProfViolSapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmProtOutProfViolSapTable has an entry for each SAP where the
cpu protection policy's out-of-profile rate limit was violated.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 62 }
tCpmProtOutProfViolSapEntry OBJECT-TYPE
SYNTAX TCpmProtOutProfViolSapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the information related to a SAP where the
cpu protection policy's out-of-profile rate limit was violated.
Rows are created or removed automatically by the system."
INDEX {
svcId,
sapPortId,
sapEncapValue
}
::= { tCpmProtOutProfViolSapTable 1 }
TCpmProtOutProfViolSapEntry ::= SEQUENCE
{
tCpmProtOutProfViolSapPeriods Gauge32,
tCpmProtOutProfViolSapTimeStart TimeStamp,
tCpmProtOutProfViolSapTime TimeStamp
}
tCpmProtOutProfViolSapPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolSapPeriods indicates the number of
times the out-of-profile rate limit violation was detected at this
SAP.
The out-of-profile rate limit is indicated by the object
tmnxCpmProtPolOutProfileRate."
::= { tCpmProtOutProfViolSapEntry 1 }
tCpmProtOutProfViolSapTimeStart OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolSapTimeStart indicates the sysUpTime
at the time of the creation of this entry."
::= { tCpmProtOutProfViolSapEntry 2 }
tCpmProtOutProfViolSapTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolSapTime indicates the sysUpTime at the
time of the last update of this entry."
::= { tCpmProtOutProfViolSapEntry 3 }
tCpmProtOutProfViolSdpBindTable OBJECT-TYPE
SYNTAX SEQUENCE OF TCpmProtOutProfViolSdpBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tCpmProtOutProfViolSdpBindTable has an entry for each SDP binding
where the cpu protection policy's out-of-profile rate limit was
violated.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxCpmSecurityObjs 63 }
tCpmProtOutProfViolSdpBindEntry OBJECT-TYPE
SYNTAX TCpmProtOutProfViolSdpBindEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents the information related to a SDP binding
where the cpu protection policy's out-of-profile rate limit was
violated.
Rows are created or removed automatically by the system."
INDEX {
svcId,
sdpBindId
}
::= { tCpmProtOutProfViolSdpBindTable 1 }
TCpmProtOutProfViolSdpBindEntry ::= SEQUENCE
{
tCpmProtOutProfViolSdpBindPeriod Gauge32,
tCpmProtOutProfViolSdpBindTmeStr TimeStamp,
tCpmProtOutProfViolSdpBindTime TimeStamp
}
tCpmProtOutProfViolSdpBindPeriod OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolSdpBindPeriod indicates the number of
times the out-of-profile rate limit violation was detected at this SDP
binding.
The out-of-profile rate limit is indicated by the object
tmnxCpmProtPolOutProfileRate."
::= { tCpmProtOutProfViolSdpBindEntry 1 }
tCpmProtOutProfViolSdpBindTmeStr OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolSdpBindTmeStr indicates the sysUpTime
at the time of the creation of this entry."
::= { tCpmProtOutProfViolSdpBindEntry 2 }
tCpmProtOutProfViolSdpBindTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tCpmProtOutProfViolSdpBindTime indicates the sysUpTime at
the time of the last update of this entry."
::= { tCpmProtOutProfViolSdpBindEntry 3 }
tmnxCpmProtExcdSdpBindIpTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCpmProtExcdSdpBindIpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxCpmProtExcdSdpBindIpTable has a row for each service-id, sdp
and source IP address that has exceeded the per-source rate limit
configured for the <service-id, sdp> pair. IP layer per-source rate
limiting is enabled for a <service-id, sdp> pair by setting
TIMETRA-SDP-MIB::sdpBindCpmProtMonitorIP to 'true'."
::= { tmnxCpmSecurityObjs 64 }
tmnxCpmProtExcdSdpBindIpEntry OBJECT-TYPE
SYNTAX TmnxCpmProtExcdSdpBindIpEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row contains statistics for an IP packet stream that has exceeded
its per-source rate limit.
A row is created by the system the first time a service-id, sdp and
source IP address exceeds its per-source rate limit. The row is
updated by the system on subsequent violations.
Rows are deleted when a clear operation is requested on the underlying
statistics."
INDEX {
svcId,
sdpBindId,
tmnxCpmProtExcdSdpBindIpAddrType,
tmnxCpmProtExcdSdpBindIpAddr
}
::= { tmnxCpmProtExcdSdpBindIpTable 1 }
TmnxCpmProtExcdSdpBindIpEntry ::= SEQUENCE
{
tmnxCpmProtExcdSdpBindIpAddrType InetAddressType,
tmnxCpmProtExcdSdpBindIpAddr InetAddress,
tmnxCpmProtExcdSdpBindIpPeriods Counter32,
tmnxCpmProtExcdSdpBindIpStarted TimeStamp,
tmnxCpmProtExcdSdpBindIpTime TimeStamp
}
tmnxCpmProtExcdSdpBindIpAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindIpAddrType indicates the address
type of tmnxCpmProtExcdSdpBindIpAddr. 'ipv4(1)' is the only supported
value."
::= { tmnxCpmProtExcdSdpBindIpEntry 1 }
tmnxCpmProtExcdSdpBindIpAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (4|16))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindIpAddr indicates the IP address of
a source which has exceeded its per-source rate limit."
::= { tmnxCpmProtExcdSdpBindIpEntry 2 }
tmnxCpmProtExcdSdpBindIpPeriods OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindIpPeriods indicates the number of
times a per-source rate limit violation was detected for this source.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod."
::= { tmnxCpmProtExcdSdpBindIpEntry 3 }
tmnxCpmProtExcdSdpBindIpStarted OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindIpStarted indicates the sysUpTime
at the time of the creation of this row."
::= { tmnxCpmProtExcdSdpBindIpEntry 4 }
tmnxCpmProtExcdSdpBindIpTime OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxCpmProtExcdSdpBindIpTime indicates the sysUpTime at
the time of the last update of this row."
::= { tmnxCpmProtExcdSdpBindIpEntry 5 }
tmnxPasswordHashObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 10 }
tmnxPassHashReadVersion OBJECT-TYPE
SYNTAX TmnxPassHashReadType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxPassHashReadVersion specifies the hash algorithm accepted by the
system while executing commands."
DEFVAL { all-hash }
::= { tmnxPasswordHashObjs 1 }
tmnxPassHashWriteVersion OBJECT-TYPE
SYNTAX TmnxPassHashWriteType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxPassHashWriteVersion specifies the hash version to be used while
saving the configuration files."
DEFVAL { hash2 }
::= { tmnxPasswordHashObjs 2 }
tmnxPassHashWriteVersionMdCli OBJECT-TYPE
SYNTAX TmnxPassHashWriteType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxPassHashWriteVersionMdCli specifies the hash version to be used
while saving the configuration files in Md-Cli."
DEFVAL { hash2 }
::= { tmnxPasswordHashObjs 3 }
tmnxPassHashWriteVersionNetconf OBJECT-TYPE
SYNTAX TmnxPassHashWriteType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxPassHashWriteVersionNetconf specifies the hash version to be used
while saving the configuration files in Netconf."
DEFVAL { hash2 }
::= { tmnxPasswordHashObjs 4 }
tmnxPassHashWriteVersionGrpc OBJECT-TYPE
SYNTAX TmnxPassHashWriteType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxPassHashWriteVersionGrpc specifies the hash version to be used
while saving the configuration files in Grpc."
DEFVAL { hash2 }
::= { tmnxPasswordHashObjs 5 }
tmnxSSHServerObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 11 }
tmnxSSHServerPreserveKey OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxSSHServerPreserveKey specifies the persistence of the SSH
server host key. A value of 'true' specifies that the host key
will be saved by the server and restored following a system
reboot. The SSH client also saves the host key and
restores it following a system reboot.
A value of 'false' specifies that the host key will be held in memory
by both the SSH server and the SSH client and is not restored
following a system reboot."
DEFVAL { false }
::= { tmnxSSHServerObjs 1 }
tmnxSSHServerVersion OBJECT-TYPE
SYNTAX INTEGER {
version1 (1),
version2 (2),
both (3)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxSSHServerVersion specifies the SSH protocol version that will be
by supported by the SSH server.
A value of tmnxSSHServerVersion 'version1' specifies that the SSH
server will only accept connections from clients that support SSH
protocol version 1. A value of 'both' specifies that the SSH server
will accept connections from clients supporting either SSH protocol
version 1, or SSH protocol version 2 or both."
DEFVAL { version2 }
::= { tmnxSSHServerObjs 2 }
tmnxSourceIPTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSourceIPEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxSourceIPEntry has an entry for the source IP to be used by the
specified protocol."
::= { tmnxSecurityObjects 12 }
tmnxSourceIPEntry OBJECT-TYPE
SYNTAX TmnxSourceIPEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxSourceIPEntry is an entry (conceptual row) in the
tmnxSourceIPTable. Each entry represents the source IP address to be
used by the specified application for a particular Virtual Router
instance.
Entries in this table can be created and deleted via SNMP SET
operations to tmnxSourceIPRowStatus."
INDEX {
vRtrID,
tmnxSourceIPProtoApp
}
::= { tmnxSourceIPTable 1 }
TmnxSourceIPEntry ::= SEQUENCE
{
tmnxSourceIPProtoApp INTEGER,
tmnxSourceIPRowStatus RowStatus,
tmnxSourceIPAddressType InetAddressType,
tmnxSourceIPAddress InetAddress,
tmnxSourceIPIfIndex InterfaceIndexOrZero,
tmnxSourceIPOperStatus INTEGER
}
tmnxSourceIPProtoApp OBJECT-TYPE
SYNTAX INTEGER {
telnet (1),
ftp (2),
ssh (3),
radius (4),
tacplus (5),
snmpTrap (6),
syslog (7),
icmpPing (8),
traceRoute (9),
dns (10),
sntp (11),
ntp (12),
cflowd (13),
telnet6 (14),
ftp6 (15),
radius6 (16),
tacplus6 (17),
snmpTrap6 (18),
syslog6 (19),
icmpPing6 (20),
traceRoute6 (21),
dns6 (22),
ptp (23),
mcreporter (24),
cflowd6 (25),
ntp6 (26),
sFlow (27),
sFlow6 (28),
icmpError (29),
icmpError6 (30),
ldap (31),
ldap6 (32),
reserved33 (33)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxSourceIPProtoApp specifies the application which
should use the source IP address specified by the value of
tmnxSourceIPAddress.
tmnxSourceIPAddressType must be 'ipv6 (2)' when setting the value of
this object to 'telnet6 (14)', 'ftp6 (15)', 'radius6 (16)', 'tacplus6
(17)', 'snmpTrap6 (18)', 'syslog6 (19)', 'icmpPing6 (20)',
'traceRoute6 (21)', 'dns6 (22)', 'cflowd6 (25)', 'ntp6 (26)', 'sFlow6
(28)', 'icmpError6 (30)', 'ldap6 (32)' ."
::= { tmnxSourceIPEntry 2 }
tmnxSourceIPRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxSourceIPRowStatus is used to create or destroy
entries in this table.
A row entry for a particular vRtrID with tmnxSourceIPProtoApp set to
any value can be created only if the value of tmnxSourceIPAddress or
tmnxSourceIPIfIndex is specified."
::= { tmnxSourceIPEntry 3 }
tmnxSourceIPAddressType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxSourceIPAddressType specifies the address type of
tmnxSourceIPAddress address.
The value of tmnxSourceIPAddressType can be either of InetAddressType
- 'ipv4' or InetAddressType - 'ipv6'."
DEFVAL { unknown }
::= { tmnxSourceIPEntry 4 }
tmnxSourceIPAddress OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxSourceIPAddress specifies the source address that
should be used in all unsolicited packets sent by the application
specified by the value of tmnxSourceIPProtoApp. For the value
specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress or
tmnxSourceIPIfIndex can be specified, but not both."
DEFVAL { ''H }
::= { tmnxSourceIPEntry 5 }
tmnxSourceIPIfIndex OBJECT-TYPE
SYNTAX InterfaceIndexOrZero
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"tmnxSourceIPIfIndex specifies the interface index whose IP address
should be used in all unsolicited packets sent by the application
specified by the value of tmnxSourceIPProtoApp. For the value
specified by tmnxSourceIPProtoApp, either of tmnxSourceIPAddress or
tmnxSourceIPIfIndex can be specified, but not both."
DEFVAL { 0 }
::= { tmnxSourceIPEntry 6 }
tmnxSourceIPOperStatus OBJECT-TYPE
SYNTAX INTEGER {
up (1),
down (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxSourceIPOperStatus indicates the state of
tmnxSourceIPEntry. A value of 'up' indicates that the IP address
specified by tmnxSourceIPAddress will be used for all unsolicited
packets sent by the application specified by the value of
tmnxSourceIPProtoApp."
DEFVAL { down }
::= { tmnxSourceIPEntry 7 }
tmnxUserTemplateTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxUserTemplateEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxUserTemplateTable contains configuration information for the
template of a system user."
::= { tmnxSecurityObjects 13 }
tmnxUserTemplateEntry OBJECT-TYPE
SYNTAX TmnxUserTemplateEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxUserTemplateEntry is an entry (conceptual row) in the
tmnxUserTemplateTable. Each entry represents the configuration for the
template of a system user. Entries in this table cannot be created or
deleted."
INDEX { IMPLIED tmnxTemplateName }
::= { tmnxUserTemplateTable 1 }
TmnxUserTemplateEntry ::= SEQUENCE
{
tmnxTemplateName TNamedItem,
tmnxTemplateAccess BITS,
tmnxTemplateHomeDirectory DisplayString,
tmnxTemplateRestrictedToHome TruthValue,
tmnxTemplateConsoleLoginExecFile DisplayString,
tmnxTemplateProfile TNamedItem
}
tmnxTemplateName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxTemplateName specifies the name of the template from
which a system user can be derived. This name must be unique amongst
the table entries."
::= { tmnxUserTemplateEntry 1 }
tmnxTemplateAccess OBJECT-TYPE
SYNTAX BITS {
console (0),
ftp (1),
grpc (2),
li (3),
netconf (4)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxTemplateAccess specifies the type of access
permitted to the user derived from this template. To allow this user
access to the console or FTP, set the corresponding bit in
tmnxTemplateAccess. Reset the bit to deny the access."
DEFVAL { { console } }
::= { tmnxUserTemplateEntry 2 }
tmnxTemplateHomeDirectory OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..200))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxTemplateHomeDirectory specifies the local home
directory on FTP and console access of the user derived from this
template."
DEFVAL { ''H }
::= { tmnxUserTemplateEntry 3 }
tmnxTemplateRestrictedToHome OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When the value of tmnxTemplateRestrictedToHome is 'true', the user
derived from this template is not allowed to navigate to directories
above his home directory for file access.
When the value of tmnxTemplateRestrictedToHome is 'false', the access
is allowed to directories above the home directory."
DEFVAL { false }
::= { tmnxUserTemplateEntry 4 }
tmnxTemplateConsoleLoginExecFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..200))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxTemplateConsoleLoginExecFile specifies the file that
should be executed whenever the user derived from this template has
successfully logged in to a console session."
DEFVAL { ''H }
::= { tmnxUserTemplateEntry 5 }
tmnxTemplateProfile OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxTemplateProfile specifies the user profile entry from
the tmnxUserProfileTable that will be applied to the user derived from
this template.
For users authenticated by TACACS+, the profile specified by
tmnxTemplateProfile will only apply if TACACS+ command authorization
is disabled as specified by tmnxTacPlusAuthorization being set to
'false'."
DEFVAL { "default" }
::= { tmnxUserTemplateEntry 6 }
tmnxKeyChainTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxKeyChainEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxKeyChainEntry has an entry for a particular configured
keychain used by the protocol session."
::= { tmnxSecurityObjects 14 }
tmnxKeyChainEntry OBJECT-TYPE
SYNTAX TmnxKeyChainEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxKeyChainEntry is an entry (conceptual row) in the
tmnxKeyChainTable. Each entry represents the keychain configuration
which will be applied to a protocol session.
Entries in this table can be created and deleted via SNMP SET
operations to tmnxKeyChainRowStatus."
INDEX { tmnxKeyChainName }
::= { tmnxKeyChainTable 1 }
TmnxKeyChainEntry ::= SEQUENCE
{
tmnxKeyChainName TNamedItem,
tmnxKeyChainRowStatus RowStatus,
tmnxKeyChainDescription TItemDescription,
tmnxKeyChainSendTcpOptionNum TmnxKeyChainTcpOptionNum,
tmnxKeyChainReceiveTcpOptionNum TmnxKeyChainTcpOptionNum,
tmnxKeyChainAdminState TmnxAdminState,
tmnxKeyChainOperState TmnxOperState,
tmnxKeyChainExpired TruthValue
}
tmnxKeyChainName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxKeyChainName specifies a unique keychain name which
identifies this particular keychain entry."
::= { tmnxKeyChainEntry 1 }
tmnxKeyChainRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainRowStatus is used to create or destroy
entries in this table."
::= { tmnxKeyChainEntry 2 }
tmnxKeyChainDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainDescription specifies the description of the
key chain identified by the keychain name tmnxKeyChainName."
DEFVAL { ''H }
::= { tmnxKeyChainEntry 3 }
tmnxKeyChainSendTcpOptionNum OBJECT-TYPE
SYNTAX TmnxKeyChainTcpOptionNum
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainSendTcpOptionNum specifies the TCP option
value to use in the TCP header of packets being sent by the router to
another device.
The value of tmnxKeyChainSendTcpOptionNum is valid only when
tmnxKeyChainAuthenticationKey is used to sign and/or authenticate the
TCP protocol stream."
DEFVAL { value254 }
::= { tmnxKeyChainEntry 4 }
tmnxKeyChainReceiveTcpOptionNum OBJECT-TYPE
SYNTAX TmnxKeyChainTcpOptionNum
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainReceiveTcpOptionNum specifies the TCP option
value to check for in the TCP header of packets being received by the
router.
The value of tmnxKeyChainReceiveTcpOptionNum is valid only when
tmnxKeyChainAuthenticationKey is used to sign and/or authenticate the
TCP protocol stream."
DEFVAL { value254 }
::= { tmnxKeyChainEntry 5 }
tmnxKeyChainAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainAdminState specifies the desired
administrative state of the keychain. If the value is 'outOfService'
the keychain capabilities are disabled but the keychain configuration
parameters are retained."
DEFVAL { inService }
::= { tmnxKeyChainEntry 6 }
tmnxKeyChainOperState OBJECT-TYPE
SYNTAX TmnxOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxKeyChainOperState indicates the operational state of
the keychain. A value of 'inService' indicates that the key chain can
be used to sign and/or authenticate protocol streams."
::= { tmnxKeyChainEntry 7 }
tmnxKeyChainExpired OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxKeyChainExpired specifies whether this keychain is
expired or not."
DEFVAL { false }
::= { tmnxKeyChainEntry 8 }
tmnxKeyChainKeyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxKeyChainKeyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxKeyChainKeyEntry has an entry for a particular configured key
that will be used in a particular keychain defined by
tmnxKeyChainEntry in tmnxKeyChainTable."
::= { tmnxSecurityObjects 15 }
tmnxKeyChainKeyEntry OBJECT-TYPE
SYNTAX TmnxKeyChainKeyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxKeyChainKeyEntry is an entry (conceptual row) in the
tmnxKeyChainKeyTable. Each entry represents the key configuration
which will be applied to a keychain.
Entries in this table can be created and deleted via SNMP SET
operations to tmnxKeyChainKeyRowStatus."
INDEX {
tmnxKeyChainName,
tmnxKeyChainKeyDirection,
tmnxKeyChainKeyID
}
::= { tmnxKeyChainKeyTable 1 }
TmnxKeyChainKeyEntry ::= SEQUENCE
{
tmnxKeyChainKeyDirection TmnxKeyChainKeyDirection,
tmnxKeyChainKeyID Unsigned32,
tmnxKeyChainKeyRowStatus RowStatus,
tmnxKeyChainAuthenticationKey OCTET STRING,
tmnxKeyChainKeyAlgorithm TmnxKeyChainKeyAlgorithm,
tmnxKeyChainKeyBeginTime DateAndTime,
tmnxKeyChainKeyEndTime DateAndTime,
tmnxKeyChainKeyTolerance Unsigned32,
tmnxKeyChainKeyAdminState TmnxAdminState,
tmnxKeyChainKeyOption TmnxKeyChainKeyOption
}
tmnxKeyChainKeyDirection OBJECT-TYPE
SYNTAX TmnxKeyChainKeyDirection
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyDirection is used to specify the
protocol-stream direction to encrypt.
A value of 'send' specifies that this key entry will be used to sign
protocol packets that are being sent by the router to another device.
A value of 'receive' specifies this key entry will be used to
authenticate protocol packets that are being received by the router.
A value of 'send-receive' specifies that this key will be used to sign
protocol packet that are being sent by the router to another device,
as well as to authenticate protocol packets that are being received by
the router."
::= { tmnxKeyChainKeyEntry 1 }
tmnxKeyChainKeyID OBJECT-TYPE
SYNTAX Unsigned32 (0..63 | 255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyID specifies a key id which is used along
with tmnxKeyChainName and tmnxKeyChainKeyDirection to uniquely
identify this particular key entry.
A value of 255 identifies this as a 'null-key' entry which enables the
transition from an unauthenticated session to an enhanced
authentication session."
::= { tmnxKeyChainKeyEntry 2 }
tmnxKeyChainKeyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyRowStatus is used to create or destroy
entries in this table.
tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm must be set
in the same SNMP request PDU as tmnxKeyChainKeyRowStatus during row
creation else the set request will fail with an inconsistentValue
error."
::= { tmnxKeyChainKeyEntry 3 }
tmnxKeyChainAuthenticationKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..20))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainAuthenticationKey specifies the key that will
be used by the encryption algorithm specified by
tmnxKeyChainKeyAlgorithm. tmnxKeyChainAuthenticationKey is used to
sign and authenticate a protocol packet.
The value of tmnxKeyChainAuthenticationKey can be any combination of
letters or numbers.
tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which
indicates the encryption algorithm to be used, must be set together in
the same SNMP request PDU or else the set request will fail with an
inconsistentValue error.
When read, tmnxKeyChainAuthenticationKey always returns an Octet
string of length zero."
::= { tmnxKeyChainKeyEntry 4 }
tmnxKeyChainKeyAlgorithm OBJECT-TYPE
SYNTAX TmnxKeyChainKeyAlgorithm
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyAlgorithm specifies the algorithm that
will be used to sign and/or authenticate the protocol stream.
tmnxKeyChainAuthenticationKey and tmnxKeyChainKeyAlgorithm, which
indicates the encryption algorithm to be used, must be set together in
the same SNMP request PDU or else the set request will fail with an
inconsistentValue error."
::= { tmnxKeyChainKeyEntry 5 }
tmnxKeyChainKeyBeginTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyBeginTime specifies the calendar date and
time after which the key specified by tmnxKeyChainAuthenticationKey
will be used to sign and/or authenticate the protocol stream.
If no date and time is set, tmnxKeyChainKeyBeginTime is represented by
a DateAndTime string with all NULLs and the key is not valid by
default."
DEFVAL { '0000000000000000'H }
::= { tmnxKeyChainKeyEntry 6 }
tmnxKeyChainKeyEndTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyEndTime specifies the calendar date and
time after which the key specified by tmnxKeyChainAuthenticationKey is
no longer eligible to sign and/or authenticate the protocol stream.
tmnxKeyChainKeyEndTime is not applicable when tmnxKeyChainKeyDirection
is set to 'send' or 'send-receive'.
If no date and time is set, tmnxKeyChainKeyEndTime is represented by a
DateAndTime string with all NULLs and the key is valid indefinitely."
DEFVAL { '0000000000000000'H }
::= { tmnxKeyChainKeyEntry 7 }
tmnxKeyChainKeyTolerance OBJECT-TYPE
SYNTAX Unsigned32 (0..4294967295)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyTolerance specifies the number of seconds
that a eligible receive key should overlap with the active send key.
tmnxKeyChainKeyTolerance is valid only when tmnxKeyChainKeyDirection
is set to 'send-receive' or 'receive'."
DEFVAL { 300 }
::= { tmnxKeyChainKeyEntry 8 }
tmnxKeyChainKeyAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyAdminState specifies the desired
administrative state of the particular key in the keychain. When the
value is 'outOfService' the keychain capabilities are disabled but the
particular key's configuration parameters are retained."
DEFVAL { inService }
::= { tmnxKeyChainKeyEntry 9 }
tmnxKeyChainKeyOption OBJECT-TYPE
SYNTAX TmnxKeyChainKeyOption
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxKeyChainKeyOption specifies the description of the
key chain identified by the keychain name tmnxKeyChainName."
DEFVAL { none }
::= { tmnxKeyChainKeyEntry 10 }
tmnxSecurityNotificationObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 16 }
tmnxKeyChainAuthFailReason OBJECT-TYPE
SYNTAX INTEGER {
other (1),
noEnhAuthOptionRecvd (2),
invalidOptionLen (3),
mismatchRecvOption (4),
invalidKeyId (5),
digestMismatch (6),
mismatchAlgId (7),
notConfigured (9),
noTcpAuthOptionRecvd (10)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"tmnxKeyChainAuthFailReason is used by tmnxKeyChainAuthFailure to
notify the reason for the keychain authentication failure."
::= { tmnxSecurityNotificationObjs 1 }
tmnxKeyChainAuthAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxKeyChainAuthAddrType indicates the address
type (ipv4 or ipv6) of the source address in the authentication
packet."
::= { tmnxSecurityNotificationObjs 2 }
tmnxKeyChainAuthAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxKeyChainAuthAddr indicates the source
address in the authentication packet."
::= { tmnxSecurityNotificationObjs 3 }
tmnxMD5AuthFailReason OBJECT-TYPE
SYNTAX INTEGER {
digestMismatch (1),
noMD5OptionRcvd (2),
invalidOptionLen (3),
notConfigured (5)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"tmnxMD5AuthFailReason is used by tmnxMD5AuthFailure to notify the
reason for the MD5 authentication failure."
::= { tmnxSecurityNotificationObjs 4 }
tmnxMD5AuthAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxMD5AuthAddrType indicates the address type
(ipv4 or ipv6) of the source address in the authentication packet."
::= { tmnxSecurityNotificationObjs 5 }
tmnxMD5AuthAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxMD5AuthAddr indicates the source address
in the authentication packet."
::= { tmnxSecurityNotificationObjs 6 }
tmnxMD5AuthKey OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..255))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxMD5AuthKey indicates the MD5 key used for
authentication."
::= { tmnxSecurityNotificationObjs 7 }
tmnxCpmProtPolId OBJECT-TYPE
SYNTAX TCpmProtPolicyID (1..255)
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxCpmProtPolId indicates the policy index of
the cpm protection policy."
::= { tmnxSecurityNotificationObjs 8 }
tmnxSecNotifFailureReason OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSecNotifFailureReason indicates the reason
for the generation of the notification."
::= { tmnxSecurityNotificationObjs 9 }
tmnxSecNotifFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSecNotifFile indicates the file associated
with the notification."
::= { tmnxSecurityNotificationObjs 10 }
tmnxSecNotifTunnelName OBJECT-TYPE
SYNTAX TXLNamedItemOrEmpty
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSecNotifTunnelName indicates the name of
tunnel associated with the notification."
::= { tmnxSecurityNotificationObjs 11 }
tmnxSecNotifCert OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSecNotifCert indicates the certificate
name associated with the notification."
::= { tmnxSecurityNotificationObjs 12 }
tmnxSecNotifOrigProtocol OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxSecNotifOrigProtocol indicates the originating
protocol that generated the notification."
::= { tmnxSecurityNotificationObjs 13 }
tmnxPkiExpRemainingHours OBJECT-TYPE
SYNTAX Unsigned32
UNITS "hours"
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxPkiExpRemainingHours indicates the time (in hours)
remaining for the certificate or CRL (certificate revocation list) to
expire."
::= { tmnxSecurityNotificationObjs 14 }
tmnxPkiExpRemainingMinutes OBJECT-TYPE
SYNTAX Unsigned32
UNITS "minutes"
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxPkiExpRemainingMinutes indicates the time (in
minutes) remaining for the certificate or CRL (certificate revocation
list) to expire."
::= { tmnxSecurityNotificationObjs 15 }
tmnxPkiExpReason OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxPkiExpReason indicates the reason why the expiration
warning for a certificate or CRL (certificate revocation list) no
longer applies."
::= { tmnxSecurityNotificationObjs 16 }
tmnxSecNotifFileType OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxSecNotifFileType indicates the file type (certificate
or key) associated with the notification."
::= { tmnxSecurityNotificationObjs 17 }
tmnxSecPwdHistLoadFailReason OBJECT-TYPE
SYNTAX INTEGER {
notFound (1),
corrupted (2)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"tmnxSecPwdHistLoadFailReason is used by
tmnxSecPwdHistoryFileLoadFailed to notify the reason for the failure
to load the password history."
::= { tmnxSecurityNotificationObjs 18 }
tmnxPkiCAProfileNameForNotify OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfileNameForNotify indicates the name of the
Certificate-Authority profile."
::= { tmnxSecurityNotificationObjs 19 }
tmnxSecNotifFileSize OBJECT-TYPE
SYNTAX CounterBasedGauge64
UNITS "bytes"
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxSecNotifFileSize indicates the size of the file to be
written at the path specified in tmnxSecNotifFile."
::= { tmnxSecurityNotificationObjs 20 }
tmnxSessionLimitExceededName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSessionLimitExceededName indicates the
name of the object of which the session limit has been exceeded."
::= { tmnxSecurityNotificationObjs 21 }
tmnxSessionLimitExceededType OBJECT-TYPE
SYNTAX INTEGER {
sshSessionLimit (1),
telnetSessionLimit (2),
totalSessionLimit (3)
}
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSessionLimitExceededType indicates the
type of the session limit that has been exceeded.
sshSessionLimit (1): limit for number of concurrent SSH user
access sessions
telnetSessionLimit (2): limit for number of concurrent Telnet user
access sessions
totalSessionLimit (3): limit for number of all concurrent user
access sessions"
::= { tmnxSecurityNotificationObjs 22 }
tmnxSecNotifyUserName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSecNotifyUserName indicates the name of a
system user for a security notification."
::= { tmnxSecurityNotificationObjs 23 }
tmnxSecNotifyAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSecNotifyAddrType indicates the type of
the IP address stored in the object tmnxSecNotifyAddr."
::= { tmnxSecurityNotificationObjs 24 }
tmnxSecNotifyAddr OBJECT-TYPE
SYNTAX InetAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSecNotifyAddr indicates an IP address for
a security notification."
::= { tmnxSecurityNotificationObjs 25 }
tmnxSecNotifClientAppName OBJECT-TYPE
SYNTAX TXLNamedItemOrEmpty
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of the object tmnxSecNotifClientAppName indicates the name
of the client application associated with the notification."
::= { tmnxSecurityNotificationObjs 26 }
tmnxSecurityCpmProtNotificationObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 17 }
tmnxCpmProtViolMacAddress OBJECT-TYPE
SYNTAX MacAddress
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolMacAddress indicates the MAC address of
the source.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxSecurityCpmProtNotificationObjs 1 }
tmnxCpmProtViolMacPeriods OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolMacPeriods indicates the number of times
the per-source rate limit violation was detected for this source.
The sampling interval length is indicated by the object
tmnxCpmProtDetectPeriod.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxSecurityCpmProtNotificationObjs 2 }
tmnxCpmProtViolExcdPktHexDump OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (0..64))
MAX-ACCESS accessible-for-notify
STATUS current
DESCRIPTION
"The value of tmnxCpmProtViolExcdPktHexDump contains at most the first
64 bytes (octets) of the first packet that was detected as exceeding
the configured rate.
This object is not supported on SR-1 and ESS-1, where the value of
TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxSecurityCpmProtNotificationObjs 3 }
tmnxPkiSecurityObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 18 }
tmnxPkiMaxCertChainDepth OBJECT-TYPE
SYNTAX Unsigned32 (1..7)
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxPkiMaxCertChainDepth specifies maximum depth of certificate
chain verification."
DEFVAL { 7 }
::= { tmnxPkiSecurityObjs 1 }
tmnxPkiCAProfileTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value of the object tmnxPkiCAProfileTableLastChanged indicates
the timestamp of the last change to the tmnxPkiCAProfileTable. A value
of zero indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxPkiSecurityObjs 2 }
tmnxPkiCAProfileTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCAProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfileTable is the Certificate-Authority profile table.
Entries are created and deleted by the user."
::= { tmnxPkiSecurityObjs 3 }
tmnxPkiCAProfileEntry OBJECT-TYPE
SYNTAX TmnxPkiCAProfileEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single Certificate-Authority profile."
INDEX { tmnxPkiCAProfile }
::= { tmnxPkiCAProfileTable 1 }
TmnxPkiCAProfileEntry ::= SEQUENCE
{
tmnxPkiCAProfile TNamedItem,
tmnxPkiCAProfileRowStatus RowStatus,
tmnxPkiCAProfileLastChanged TimeStamp,
tmnxPkiCAProfileDescr TItemDescription,
tmnxPkiCAProfileCRLFile DisplayString,
tmnxPkiCAProfileCertFile DisplayString,
tmnxPkiCAProfileAdminState TmnxAdminState,
tmnxPkiCAProfileOperState TmnxOperState,
tmnxPkiCAProfileOperFlags BITS,
tmnxPkiCAProfOcspRespUrl DisplayString,
tmnxPkiCAProfOcspSvcID TmnxServId,
tmnxPkiCAProfOcspVerifyCertFile DisplayString,
tmnxPkiCAProfOcspVerifyCertCA TruthValue,
tmnxPkiCAProfOcspVerifyCertOvr TruthValue,
tmnxPkiCAProfCmpHttpTimeout Unsigned32,
tmnxPkiCAProfCmpUrl DisplayString,
tmnxPkiCAProfCmpSvcID TmnxServId,
tmnxPkiCAProfCmpRespSignCert DisplayString,
tmnxPkiCAProfCmpAccUnprotErr TruthValue,
tmnxPkiCAProfCmpAccUnprotPki TruthValue,
tmnxPkiCAProfCmpSameRecipNonce TruthValue,
tmnxPkiCAProfCmpAlSetSndrForIr TruthValue,
tmnxPkiCAProfCmpHttpVersion INTEGER,
tmnxPkiCAProfRevokeChk INTEGER,
tmnxPkiCAProfCmpSvcName TLNamedItemOrEmpty,
tmnxPkiCAProfOcspSvcName TLNamedItemOrEmpty,
tmnxPkiCAProfOcspTransProf TNamedItemOrEmpty
}
tmnxPkiCAProfile OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfile specifies the name of the Certificate-Authority
profile."
::= { tmnxPkiCAProfileEntry 1 }
tmnxPkiCAProfileRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The tmnxPkiCAProfileRowStatus specifies row status for the
Certificate-Authority profile."
::= { tmnxPkiCAProfileEntry 2 }
tmnxPkiCAProfileLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfileLastChanged is the timestamp of last
change to this row in tmnxPkiCAProfileTable."
::= { tmnxPkiCAProfileEntry 3 }
tmnxPkiCAProfileDescr OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfileDescr specifies the description of the
Certificate-Authority profile."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 4 }
tmnxPkiCAProfileCRLFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfileCRLFile specifies the name of the
Certificate Revocation List (CRL) file."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 5 }
tmnxPkiCAProfileCertFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfileCertFile specifies the name of the
Certificate file."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 6 }
tmnxPkiCAProfileAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfileAdminState specifies the administrative
state of this Certificate-Authority profile."
DEFVAL { outOfService }
::= { tmnxPkiCAProfileEntry 7 }
tmnxPkiCAProfileOperState OBJECT-TYPE
SYNTAX TmnxOperState
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfileOperState indicates the current
operational status of this Certificate-Authority profile."
::= { tmnxPkiCAProfileEntry 8 }
tmnxPkiCAProfileOperFlags OBJECT-TYPE
SYNTAX BITS {
adminDown (0),
invalidCrl (1),
invalidCert (2),
invalidCmpv2SigningCert (3),
expiredCrl (4),
expiredCert (5),
expiredCmpv2SigningCert (6),
notYetValidCrl (7),
notYetValidCert (8),
notYetValidCmpv2SigningCert (9),
loadingCrl (10),
loadingCert (11),
loadingCmpv2SigningCert (12)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfileOperFlags indicates the reason that this
Certificate-Authority profile is not in service. I.e.,
tmnxPkiCAProfileOperState has the value 'outOfService':
adminDown - tmnxPkiCAProfileAdminState is
'outOfService (3)'
invalidCrl - CRL file is invalid or could not be found
invalidCert - Certificate file is invalid or could not
be found
invalidCmpv2SigningCert - CMPv2 Signing Cert file is invalid
expiredCrl - CRL file is expired
expiredCert - Certificate file is expired
expiredCmpv2SigningCert - CMPv2 Signing Cert file is expired
notYetValidCrl - CRL file is not yet valid
notYetValidCert - Certificate file is not yet valid
notYetValidCmpv2SigningCert - CMPv2 Signing Certificate file is not yet
valid
loadingCrl - CRL file is loading now
loadingCert - Certificate file is loading now
loadingCmpv2SigningCert - CMPv2 Signing Certificate file is loading
now"
::= { tmnxPkiCAProfileEntry 9 }
tmnxPkiCAProfOcspRespUrl OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfOcspRespUrl specifies the URL of the OCSP
(Online Certificate Status Protocol) responder."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 10 }
tmnxPkiCAProfOcspSvcID OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfOcspSvcID specifies the IES or VPRN service
router instance in which to reach the OCSP (Online Certificate Status
Protocol) URL (tmnxPkiCAProfOcspUrl).
The value of tmnxPkiCAProfOcspSvcID must be zero when
tmnxPkiCAProfOcspSvcName is not default and vice-versa.
When the values of tmnxPkiCAProfOcspSvcID and tmnxPkiCAProfOcspSvcName
are both default, the Base router instance is used."
DEFVAL { 0 }
::= { tmnxPkiCAProfileEntry 11 }
tmnxPkiCAProfOcspVerifyCertFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfOcspVerifyCertFile specifies the location
and name of the certificate file which is used to verify the OCSP
(Online Certificate Status Protocol) response."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 12 }
tmnxPkiCAProfOcspVerifyCertCA OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfOcspVerifyCertCA specifies whether to use
certificate file configured in CA profile to verify the OCSP (Online
Certificate Status Protocol) response."
DEFVAL { true }
::= { tmnxPkiCAProfileEntry 13 }
tmnxPkiCAProfOcspVerifyCertOvr OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfOcspVerifyCertOvr specifies whether to allow
the system to use the certificate in the OCSP (Online Certificate
Status Protocol) response if present, instead of the certificate
configured by tmnxPkiCAProfOcspVerifyCertFile or
tmnxPkiCAProfOcspVerifyCertCA."
DEFVAL { true }
::= { tmnxPkiCAProfileEntry 14 }
tmnxPkiCAProfCmpHttpTimeout OBJECT-TYPE
SYNTAX Unsigned32 (1..3600)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpHttpTimeout specifies the timeout
interval Certificate Management Protocol version 2 (CMPv2) requests to
the CA server."
DEFVAL { 30 }
::= { tmnxPkiCAProfileEntry 15 }
tmnxPkiCAProfCmpUrl OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpUrl specifies the URL of the CA server."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 16 }
tmnxPkiCAProfCmpSvcID OBJECT-TYPE
SYNTAX TmnxServId
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpSvcID specifies the IES or VPRN service
router instance in which to reach the CMP URL (tmnxPkiCAProfCmpUrl).
The value of tmnxPkiCAProfCmpSvcID must be zero when
tmnxPkiCAProfCmpSvcName is not default and vice-versa.
When values of tmnxPkiCAProfCmpSvcName and tmnxPkiCAProfCmpSvcID are
both default, the system first checks the management router instance.
If the management router instance is unreachable, the Base router
instance is used."
DEFVAL { 0 }
::= { tmnxPkiCAProfileEntry 17 }
tmnxPkiCAProfCmpRespSignCert OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..180))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpRespSignCert specifies the location and
name of the certificate file which is used to verify the signature of
the response."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 18 }
tmnxPkiCAProfCmpAccUnprotErr OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpAccUnprotErr specifies whether to accept
unprotected error messages in this profile for CMPv2."
DEFVAL { false }
::= { tmnxPkiCAProfileEntry 19 }
tmnxPkiCAProfCmpAccUnprotPki OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpAccUnprotPki specifies whether to accept
unprotected PKI configuration messages in this profile for CMPv2."
DEFVAL { false }
::= { tmnxPkiCAProfileEntry 20 }
tmnxPkiCAProfCmpSameRecipNonce OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpSameRecipNonce specifies whether to use
the same recipient nonce for poll requests."
DEFVAL { false }
::= { tmnxPkiCAProfileEntry 21 }
tmnxPkiCAProfCmpAlSetSndrForIr OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpAlSetSndrForIr specifies whether to
always set the sender field in CMPv2 header of all Initial
Registration (IR) messages with the subject name for this CA profile.
The subject name is available in the IR message body, but certain CA
implementation may require it in the sender field of the message
header as well. By default, the sender field is only set if an
optional certificate is specified in the CMPv2 request."
DEFVAL { false }
::= { tmnxPkiCAProfileEntry 22 }
tmnxPkiCAProfCmpHttpVersion OBJECT-TYPE
SYNTAX INTEGER {
v10 (1),
v11 (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpHttpVersion specifies the HTTP version
used in CMPv2 requests. The system by default uses HTTP version 1.1
unless explicitly specified."
DEFVAL { v11 }
::= { tmnxPkiCAProfileEntry 23 }
tmnxPkiCAProfRevokeChk OBJECT-TYPE
SYNTAX INTEGER {
crl (1),
crlOptional (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfRevokeChk specifies the method system uses
to verify the revocation status of certificates issued by the CA."
DEFVAL { crl }
::= { tmnxPkiCAProfileEntry 24 }
tmnxPkiCAProfCmpSvcName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpSvcName specifies the IES or VPRN service
name in which to reach the CMP URL (tmnxPkiCAProfCmpUrl).
The value of tmnxPkiCAProfCmpSvcName must be empty when
tmnxPkiCAProfCmpSvcID is not default and vice-versa.
When the values of tmnxPkiCAProfCmpSvcName and tmnxPkiCAProfCmpSvcID
are both default, the system first checks the management router
instance. If the management router instance is unreachable, the Base
router instance is used."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 25 }
tmnxPkiCAProfOcspSvcName OBJECT-TYPE
SYNTAX TLNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfOcspSvcName specifies the IES or VPRN
service name in which to reach the OCSP (Online Certificate Status
Protocol) URL (tmnxPkiCAProfOcspUrl).
The value of tmnxPkiCAProfOcspSvcName must be empty when
tmnxPkiCAProfOcspSvcID is not default and vice-versa.
When the values of tmnxPkiCAProfOcspSvcName and tmnxPkiCAProfOcspSvcID
are both default, the Base router instance is used.
Managers are encouraged to use tmnxPkiCAProfOcspTransProf (instead of
tmnxPkiCAProfOcspSvcName) because tmnxPkiCAProfOcspSvcName will be
deleted in a future release."
DEFVAL { ''H }
::= { tmnxPkiCAProfileEntry 26 }
tmnxPkiCAProfOcspTransProf OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfOcspTransProf specifies the name of the file
transmission profile to be matched.
Transmission profiles are configured using tmnxSysFileTransProfTable.
Managers are encouraged to use tmnxPkiCAProfOcspTransProf (instead of
tmnxPkiCAProfOcspSvcName) because tmnxPkiCAProfOcspSvcName will be
deleted in a future release."
DEFVAL { "" }
::= { tmnxPkiCAProfileEntry 27 }
tmnxPkiCAProfCmpKeyTblLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value of the object tmnxPkiCAProfCmpKeyTblLastChgd indicates the
timestamp of the last change to the tmnxPkiCAProfCmpKeyTable. A value
of zero indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxPkiSecurityObjs 4 }
tmnxPkiCAProfCmpKeyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCAProfCmpKeyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfCmpKeyTable contains the CA's initial authentication
keys used for authentication in message exchanges with the CA server."
::= { tmnxPkiSecurityObjs 5 }
tmnxPkiCAProfCmpKeyEntry OBJECT-TYPE
SYNTAX TmnxPkiCAProfCmpKeyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single CA initial authentication key."
INDEX {
tmnxPkiCAProfile,
tmnxPkiCAProfCmpKeyRefnum
}
::= { tmnxPkiCAProfCmpKeyTable 1 }
TmnxPkiCAProfCmpKeyEntry ::= SEQUENCE
{
tmnxPkiCAProfCmpKeyRefnum DisplayString,
tmnxPkiCAProfCmpKeyRowStatus RowStatus,
tmnxPkiCAProfCmpKeyLastChanged TimeStamp,
tmnxPkiCAProfCmpKeySecret DisplayString
}
tmnxPkiCAProfCmpKeyRefnum OBJECT-TYPE
SYNTAX DisplayString (SIZE (1..64))
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpKeyRefnum specifies the reference number
for this CA initial authentication key."
::= { tmnxPkiCAProfCmpKeyEntry 1 }
tmnxPkiCAProfCmpKeyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpKeyRowStatus specifies row status for the
Certificate-Authority profile."
::= { tmnxPkiCAProfCmpKeyEntry 2 }
tmnxPkiCAProfCmpKeyLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpKeyLastChanged is the timestamp of last
change to this row in tmnxPkiCAProfCmpKeyTable."
::= { tmnxPkiCAProfCmpKeyEntry 3 }
tmnxPkiCAProfCmpKeySecret OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..64))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCmpKeySecret specifies the shared secret for
this CA initial authentication key.
This object will always return an empty string on a read.
The value of tmnxPkiCAProfCmpKeySecret must be specified at the time
of row creation."
DEFVAL { ''H }
::= { tmnxPkiCAProfCmpKeyEntry 4 }
tmnxPkiCertDisplayFormat OBJECT-TYPE
SYNTAX INTEGER {
ascii (1),
utf8 (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCertDisplayFormat specifies the display format
used for Certificates and Certificate Revocation Lists."
DEFVAL { ascii }
::= { tmnxPkiSecurityObjs 7 }
tmnxPkiCertExpWarningHours OBJECT-TYPE
SYNTAX Integer32 (-1..8760)
UNITS "hours"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPkiCertExpWarningHours specifies the time period (in
hours) at which the system will generate the
tmnxPkiCertBeforeExpWarning trap for all in-use certificates before
expiration. If tmnxPkiCertExpWarningHours is configured, the system
will also generate the tmnxPkiCertAfterExpWarning trap when a
certificate expires.
If both tmnxPkiCertExpWarningHours and tmnxPkiCertExpWarningRepeatHrs
are configured to 0, the system will only generate the
tmnxPkiCertAfterExpWarning trap when a certificate expires.
A value of -1 indicates that tmnxPkiCertExpWarningHours is not
configured. In this case, the system will not generate a trap even
when a certificate expires.
The objects tmnxPkiCertExpWarningHours and
tmnxPkiCertExpWarningRepeatHrs have to be set together for the
specific action to be performed."
DEFVAL { -1 }
::= { tmnxPkiSecurityObjs 8 }
tmnxPkiCertExpWarningRepeatHrs OBJECT-TYPE
SYNTAX Integer32 (0..8760)
UNITS "hours"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPkiCertExpWarningRepeatHrs specifies the time period
(in hours) at which the system will repeatedly generate the
tmnxPkiCertBeforeExpWarning trap for all in-use certificates before
expiration.
If both tmnxPkiCertExpWarningHours and tmnxPkiCertExpWarningRepeatHrs
are configured to 0, the system will only generate the
tmnxPkiCertAfterExpWarning trap when a certificate expires.
The objects tmnxPkiCertExpWarningHours and
tmnxPkiCertExpWarningRepeatHrs have to be set together for the
specific action to be performed."
DEFVAL { 0 }
::= { tmnxPkiSecurityObjs 9 }
tmnxPkiCRLExpWarningHours OBJECT-TYPE
SYNTAX Integer32 (-1..8760)
UNITS "hours"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPkiCRLExpWarningHours specifies the time period (in
hours) at which the system will generate the
tmnxPkiCRLBeforeExpWarning trap for all in-use CRLs (certificate
revocation lists) before expiration. If tmnxPkiCRLExpWarningHours is
configured, the system will also generate the
tmnxPkiCRLAfterExpWarning trap when a CRL expires.
If both tmnxPkiCRLExpWarningHours and tmnxPkiCRLExpWarningRepeatHrs
are configured to 0, the system will only generate the
tmnxPkiCRLAfterExpWarning trap when a CRL expires.
A value of -1 indicates that tmnxPkiCRLExpWarningHours is not
configured. In this case, the system will not generate a trap even
when a CRL expires.
The objects tmnxPkiCRLExpWarningHours and
tmnxPkiCRLExpWarningRepeatHrs have to be set together for the specific
action to be performed."
DEFVAL { -1 }
::= { tmnxPkiSecurityObjs 10 }
tmnxPkiCRLExpWarningRepeatHrs OBJECT-TYPE
SYNTAX Integer32 (0..8760)
UNITS "hours"
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPkiCRLExpWarningRepeatHrs specifies the time period
(in hours) at which the system will repeatedly generate
tmnxPkiCRLBeforeExpWarning trap for all in-use CRLs (certificate
revocation lists) before expiration.
If both tmnxPkiCRLExpWarningHours and tmnxPkiCRLExpWarningRepeatHrs
are configured to 0, the system will only generate the
tmnxPkiCRLAfterExpWarning trap when a CRL expires.
The objects tmnxPkiCRLExpWarningHours and
tmnxPkiCRLExpWarningRepeatHrs have to be set together for the specific
action to be performed."
DEFVAL { 0 }
::= { tmnxPkiSecurityObjs 11 }
tmnxPkiCAProfAtCrlUpdTblLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdTblLstChgd indicates the time, since
system startup, when tmnxPkiCAProfAtCrlUpdTable last changed
configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxPkiSecurityObjs 12 }
tmnxPkiCAProfAtCrlUpdTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCAProfAtCrlUpdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfAtCrlUpdTable contains objects used to configure
instances of automated Certificate Revocation List (CRL) updates."
::= { tmnxPkiSecurityObjs 13 }
tmnxPkiCAProfAtCrlUpdEntry OBJECT-TYPE
SYNTAX TmnxPkiCAProfAtCrlUpdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each tmnxPkiCAProfAtCrlUpdEntry contains the configuration for one
automated Certificate Revocation List (CRL) update.
Rows in tmnxPkiCAProfAtCrlUpdTable can only be created and destroyed
via SNMP set operations to tmnxPkiCAProfAtCrlUpdRowStatus, when an
associated row exists in tmnxPkiCAProfileTable."
INDEX { tmnxPkiCAProfile }
::= { tmnxPkiCAProfAtCrlUpdTable 1 }
TmnxPkiCAProfAtCrlUpdEntry ::= SEQUENCE
{
tmnxPkiCAProfAtCrlUpdRowStatus RowStatus,
tmnxPkiCAProfAtCrlUpdLastChgd TimeStamp,
tmnxPkiCAProfAtCrlUpdAdminState TmnxAdminState,
tmnxPkiCAProfAtCrlUpdScheduleT INTEGER,
tmnxPkiCAProfAtCrlUpdPrdcUpdIntv Unsigned32,
tmnxPkiCAProfAtCrlUpdPreUpdTime Unsigned32,
tmnxPkiCAProfAtCrlUpdRetryIntv Unsigned32,
tmnxPkiCAProfAtCrlUpdLstSucsEtId Unsigned32,
tmnxPkiCAProfAtCrlUpdLstSucsTmSt Unsigned32,
tmnxPkiCAProfAtCrlUpdLstSucsTmEd Unsigned32,
tmnxPkiCAProfAtCrlUpdNxCrlUpdTm Unsigned32
}
tmnxPkiCAProfAtCrlUpdRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdRowStatus specifies the status of
this row. It is used to create and delete row entries in
tmnxPkiCAProfAtCrlUpdTable.
In order to delete an entry, tmnxPkiCAProfAtCrlUpdAdminState must
first be set to 'outOfService(3)'.
When the tmnxPkiCAProfAtCrlUpdEntry is deleted, the agent also deletes
all rows in the tmnxPkiCAProfUrlTable associated to the entry."
::= { tmnxPkiCAProfAtCrlUpdEntry 1 }
tmnxPkiCAProfAtCrlUpdLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdLastChgd indicates time, since
system startup, that the configuration of this row was created or
modified."
::= { tmnxPkiCAProfAtCrlUpdEntry 2 }
tmnxPkiCAProfAtCrlUpdAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdAdminState specifies the
administrative state of this automated CRL update.
Automated CRL update and manual CRL update are mutually exclusive.
When the value of tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
and the current CRL is missing, expired or unusable, then the system
will start the update process immediately regardless of
tmnxPkiCAProfAtCrlUpdScheduleT.
When the value of tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService
(3)', the system shall stop the CRL update process immediately.
tmnxPkiCAProfAtCrlUpdAdminState can only be configured to 'inService
(2)', if tmnxPkiCAProfileAdminState is 'inService (2)' and the system
is not manually updating a CRL file."
DEFVAL { outOfService }
::= { tmnxPkiCAProfAtCrlUpdEntry 3 }
tmnxPkiCAProfAtCrlUpdScheduleT OBJECT-TYPE
SYNTAX INTEGER {
nextUpdateBased (1),
periodic (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdScheduleT specifies the type of time
scheduler to update the CRL.
The value of tmnxPkiCAProfAtCrlUpdScheduleT must be either of
'nextUpdateBased (1)' or 'periodic (2)':
Values:
nextUpdateBased(1)
The system starts updating a CRL file in
tmnxPkiCAProfAtCrlUpdPreUpdTime seconds prior to the
'nextUpdate' value of the current CRL. It will try to download
the CRL file from each URL location in order until it finds one
that qualifies. If none of the configured URLs work or none
of the downloaded CRLs qualifies, the system will wait for
tmnxPkiCAProfAtCrlUpdRetryIntv seconds before attempting to
download the CRL file again. In this case, if
tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop
attempting to update the CRL file and
tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'.
If the 'nextUpdate' field is missing from the CRL,
then the system cannot schedule the next CRL update and
tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'.
If the CRL is expected to be issued without a 'nextUpdate'
field, then the periodic scheduler type should be used instead.
periodic(2)
The system updates the CRL file every
tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. It will try to
download a CRL from each URL location in order until it finds
one that qualifies. If none of the configured URLs work or
none of the downloaded CRLs qualifies, the system
will try again in tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds.
The 'nextUpdate' field of the CRL, if present, is ignored in
this mode.
The cases that a downloaded CRL does not qualify are:
- the downloaded CRL file cannot be decoded by the system (e.g.,
wrong file type, truncated content)
- the downloaded CRL is not issued by the correct Certificate
Authority (CA)
- the downloaded CRL has expired or is not yet valid
- the downloaded CRL has not been updated
The URLs are configured using tmnxPkiCAProfUrlTable."
REFERENCE
"RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile', IETF, May 2008, section 5,
'CRL and CRL Extensions Profile'."
DEFVAL { nextUpdateBased }
::= { tmnxPkiCAProfAtCrlUpdEntry 4 }
tmnxPkiCAProfAtCrlUpdPrdcUpdIntv OBJECT-TYPE
SYNTAX Unsigned32 (3600..31622400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv specifies the number of
seconds required between the start time points of two consecutive CRL
update operations.
The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is only used when
tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'.
The value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is ignored when
tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'.
The maximum value of tmnxPkiCAProfAtCrlUpdPrdcUpdIntv is 366 days
(31622400 seconds)."
DEFVAL { 86400 }
::= { tmnxPkiCAProfAtCrlUpdEntry 5 }
tmnxPkiCAProfAtCrlUpdPreUpdTime OBJECT-TYPE
SYNTAX Unsigned32 (0..31622400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdPreUpdTime specifies the number of
seconds prior to the 'nextUpdate' time of the current CRL that the
system shall download a new CRL.
The value of tmnxPkiCAProfAtCrlUpdPreUpdTime is only used when
tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'.
The value of tmnxPkiCAProfAtCrlUpdPreUpdTime is ignored when
tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'.
If the 'nextUpdate' field is missing, then the value of
tmnxPkiCAProfAtCrlUpdPreUpdTime has no effect.
The maximum value of tmnxPkiCAProfAtCrlUpdPreUpdTime is 366 days
(31622400 seconds)."
REFERENCE
"RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile', IETF, May 2008, section 5,
'CRL and CRL Extensions Profile'."
DEFVAL { 3600 }
::= { tmnxPkiCAProfAtCrlUpdEntry 6 }
tmnxPkiCAProfAtCrlUpdRetryIntv OBJECT-TYPE
SYNTAX Unsigned32 (0..31622400)
UNITS "seconds"
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdRetryIntv specifies the interval of
time that the system shall wait before attempting to download the CRL
file again, if none of the URLs works.
The value of tmnxPkiCAProfAtCrlUpdRetryIntv is only used when
tmnxPkiCAProfAtCrlUpdScheduleT is set to 'nextUpdateBased(1)'.
The value of tmnxPkiCAProfAtCrlUpdRetryIntv is ignored when
tmnxPkiCAProfAtCrlUpdScheduleT is set to 'periodic(2)'.
If the value of tmnxPkiCAProfAtCrlUpdRetryIntv is zero and none of the
URLs work, then the system will not attempt to download the CRL file
any further and tmnxPkiCAProfCrlCurUpdStatus is set to 'stopped (4)'.
The URLs are configured using tmnxPkiCAProfUrlTable."
DEFVAL { 3600 }
::= { tmnxPkiCAProfAtCrlUpdEntry 7 }
tmnxPkiCAProfAtCrlUpdLstSucsEtId OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..8)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdLstSucsEtId indicates the entry ID
of the last successful automated CRL update.
A value of zero is returned if the system never successfully updated a
CRL file since tmnxPkiCAProfAtCrlUpdAdminState was configured to
'inService (2)'.
The entry, which is configured using tmnxPkiCAProfUrlTable, contains
the information for one URL which is where the system downloads the
CRL file from."
::= { tmnxPkiCAProfAtCrlUpdEntry 8 }
tmnxPkiCAProfAtCrlUpdLstSucsTmSt OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdLstSucsTmSt indicates the time at
which the last successful automated CRL update was initiated. It is
measured in seconds from 1-Jan-1970 00:00:00 UTC.
A value of zero indicates that the system has not successfully updated
a CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
(2)'."
::= { tmnxPkiCAProfAtCrlUpdEntry 9 }
tmnxPkiCAProfAtCrlUpdLstSucsTmEd OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdLstSucsTmEd indicates the time at
which the last successful automated CRL update was finished. It is
measured in seconds from 1-Jan-1970 00:00:00 UTC.
A value of zero indicates that the system has not successfully updated
a CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
(2)'."
::= { tmnxPkiCAProfAtCrlUpdEntry 10 }
tmnxPkiCAProfAtCrlUpdNxCrlUpdTm OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdNxCrlUpdTm indicates the start time
of the next scheduled update. It is measured in seconds from
1-Jan-1970 00:00:00 UTC. The next scheduled update time depends on the
value of tmnxPkiCAProfAtCrlUpdScheduleT.
A value of zero indicates that there is no scheduled update for the
CRL."
::= { tmnxPkiCAProfAtCrlUpdEntry 11 }
tmnxPkiCAProfUrlTablLastChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfUrlTablLastChgd indicates the time, since
system startup, when tmnxPkiCAProfUrlTable last changed configuration.
A value of zero indicates that no changes were made to this table
since the system was last initialized."
::= { tmnxPkiSecurityObjs 14 }
tmnxPkiCAProfUrlTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCAProfUrlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfUrlTable contains objects used to configure instances
of URL information, which includes the URL location and the file
transmission profile to use. The URL location indicates where an
updated CRL can be downloaded from.
The maximum number of rows in tmnxPkiCAProfUrlTable is 8."
::= { tmnxPkiSecurityObjs 15 }
tmnxPkiCAProfUrlEntry OBJECT-TYPE
SYNTAX TmnxPkiCAProfUrlEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each tmnxPkiCAProfUrlEntry contains the information for one URL.
Rows in tmnxPkiCAProfUrlTable are created and destroyed via SNMP set
operations to tmnxPkiCAProfUrlRowStatus. When the
tmnxPkiCAProfileEntry or tmnxPkiCAProfAtCrlUpdEntry is deleted, the
agent also deletes all rows in the tmnxPkiCAProfUrlTable associated to
the entry."
INDEX {
tmnxPkiCAProfile,
tmnxPkiCAProfUrlId
}
::= { tmnxPkiCAProfUrlTable 1 }
TmnxPkiCAProfUrlEntry ::= SEQUENCE
{
tmnxPkiCAProfUrlId Unsigned32,
tmnxPkiCAProfUrlRowStatus RowStatus,
tmnxPkiCAProfUrlLastChanged TimeStamp,
tmnxPkiCAProfUrl TmnxDisplayStringURL,
tmnxPkiCAProfUrlFileTransProf TNamedItemOrEmpty
}
tmnxPkiCAProfUrlId OBJECT-TYPE
SYNTAX Unsigned32 (1..8)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfUrlId uniquely specifies one URL configured
on this system."
::= { tmnxPkiCAProfUrlEntry 1 }
tmnxPkiCAProfUrlRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfUrlRowStatus specifies the status of this
row. It is used to create and delete row entries in
tmnxPkiCAProfUrlTable."
::= { tmnxPkiCAProfUrlEntry 2 }
tmnxPkiCAProfUrlLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfUrlLastChanged indicates the time, since
system startup, that the configuration of this row was created or
modified."
::= { tmnxPkiCAProfUrlEntry 3 }
tmnxPkiCAProfUrl OBJECT-TYPE
SYNTAX TmnxDisplayStringURL
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfUrl specifies the URL, which specifies the
location, where an updated CRL can be downloaded from.
This object must be configured together with
tmnxPkiCAProfUrlFileTransProf.
The value of an empty string specifies no URL is configured."
REFERENCE
"RFC 1738. 'Uniform Resource Locators (URL)', IETF, December 1994."
DEFVAL { "" }
::= { tmnxPkiCAProfUrlEntry 4 }
tmnxPkiCAProfUrlFileTransProf OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfUrlFileTransProf specifies the name of the
file transmission profile to be matched.
This object must be configured together with tmnxPkiCAProfUrl.
File transmission profiles are configured using
tmnxSysFileTransProfTable.
The value of an empty string specifies that no file transmission
profile is configured."
DEFVAL { "" }
::= { tmnxPkiCAProfUrlEntry 5 }
tmnxPkiCAProfManCrlUpdTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCAProfManCrlUpdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfManCrlUpdTable contains objects used to configure
instances of manual Certificate Revocation List (CRL) update
operation."
::= { tmnxPkiSecurityObjs 16 }
tmnxPkiCAProfManCrlUpdEntry OBJECT-TYPE
SYNTAX TmnxPkiCAProfManCrlUpdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each tmnxPkiCAProfManCrlUpdEntry contains the configuration for one
manual Certificate Revocation List (CRL) update operation.
Rows in tmnxPkiCAProfManCrlUpdTable are automatically created and
destroyed when an associated row is created or destroyed in the
tmnxPkiCAProfAtCrlUpdEntry."
AUGMENTS { tmnxPkiCAProfAtCrlUpdEntry }
::= { tmnxPkiCAProfManCrlUpdTable 1 }
TmnxPkiCAProfManCrlUpdEntry ::= SEQUENCE
{
tmnxPkiCAProfManCrlUpdAct TmnxActionType,
tmnxPkiCAProfManCrlUpdAbort TmnxActionType
}
tmnxPkiCAProfManCrlUpdAct OBJECT-TYPE
SYNTAX TmnxActionType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfManCrlUpdAct specifies whether or not to
trigger the manual CRL update operation.
Manual CRL update and automated CRL update are mutually exclusive.
tmnxPkiCAProfManCrlUpdAct can only be configured to 'doAction (1)'
when tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)' and
tmnxPkiCAProfileAdminState is 'inService (2)'."
::= { tmnxPkiCAProfManCrlUpdEntry 1 }
tmnxPkiCAProfManCrlUpdAbort OBJECT-TYPE
SYNTAX TmnxActionType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfManCrlUpdAbort specifies whether or not to
abort the manual CRL update operation.
Manual CRL download and automated CRL update, which is configured via
tmnxPkiCAProfAtCrlUpdTable, are mutually exclusive.
tmnxPkiCAProfManCrlUpdAbort can only be configured to 'doAction (1)'
when tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)' and
tmnxPkiCAProfileAdminState is 'inService (2)'."
::= { tmnxPkiCAProfManCrlUpdEntry 2 }
tmnxPkiCAProfCrlUpdTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCAProfCrlUpdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfCrlUpdTable contains the statistics information of
the automated and manual Certificate Revocation List (CRL) update
operations."
::= { tmnxPkiSecurityObjs 17 }
tmnxPkiCAProfCrlUpdEntry OBJECT-TYPE
SYNTAX TmnxPkiCAProfCrlUpdEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each tmnxPkiCAProfCrlUpdEntry contains the statistics information for
the automated and manual Certificate Revocation List (CRL) update
operation.
Rows in tmnxPkiCAProfManCrlUpdTable are automatically created and
destroyed when an associated row is created or destroyed in the
tmnxPkiCAProfAtCrlUpdEntry."
AUGMENTS { tmnxPkiCAProfAtCrlUpdEntry }
::= { tmnxPkiCAProfCrlUpdTable 1 }
TmnxPkiCAProfCrlUpdEntry ::= SEQUENCE
{
tmnxPkiCAProfCrlCurUpdStatus INTEGER,
tmnxPkiCAProfCrlCurUpdEtId Unsigned32,
tmnxPkiCAProfCrlCurUpdStartTime Unsigned32,
tmnxPkiCAProfAtCrlUpdLstFailedId Unsigned32,
tmnxPkiCAProfAtCrlUpdLstFailTmSt Unsigned32,
tmnxPkiCAProfAtCrlUpdLstFailTmEd Unsigned32,
tmnxPkiCAProfAtCrlUpdLstFailReas INTEGER
}
tmnxPkiCAProfCrlCurUpdStatus OBJECT-TYPE
SYNTAX INTEGER {
notUpdating (0),
autoScheduled (1),
autoDownloading (2),
manualDownloading (3),
stopped (4),
autoVerifying (5),
manualVerifying (6)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCrlCurUpdStatus indicates the CRL update
status of this row.
Values:
notUpdating (0)
The system is not updating the CRL file. This happens when
the following conditions are met:
1) The system is not manually updating a CRL file, and
2) tmnxPkiCAProfAtCrlUpdAdminState is 'outOfService (3)'.
autoScheduled (1)
The system is waiting for the next scheduled CRL update time
(tmnxPkiCAProfAtCrlUpdNxCrlUpdTm) in an automated
CRL update operation. This happens when the following
conditions are met:
1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
and
2) The next scheduled CRL update time is not reached.
autoDownloading (2)
The system is downloading the CRL file in an automated CRL
update operation. This happens when the following conditions
are met:
1) tmnxPkiCAProfAtCrlUpdAdminState is 'inService (2)',
and
2) The current CRL is invalid, or next scheduled CRL update
time is reached.
manualDownloading (3)
The system is downloading the CRL file in a manual CRL update
operation (tmnxPkiCAProfManCrlUpdTable).
stopped (4)
The system stopped updating the CRL. This happens when one
of the following conditions are met:
1) In the automated CRL update case, the system did not find
a CRL that qualifies from any of the configured URLs.
Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is
'nextUpdateBased (1)' and the value of
tmnxPkiCAProfAtCrlUpdRetryIntv is zero; or
2) In the automated CRL update case, the system finds a CRL
that qualifies from one of the configured URLs, but
the 'nextUpdate' field is missing.
Meanwhile, tmnxPkiCAProfAtCrlUpdScheduleT is
'nextUpdateBased (1)'; or
3) In the manual CRL update case, the system did not find
a CRL that qualifies from any of the configured URLs.
4) The manual CRL update was aborted by configuring
tmnxPkiCAProfManCrlUpdAbort to 'doAction (1)'.
tmnxPkiCAProfCrlCurUpdStatus will never be 'stopped (4)' when
tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'. In this
case, after attempting all URLs, the system will try to
update the CRL file again in
tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds.
autoVerifying (5)
The system is verifying the downloaded CRL file in an
automated CRL update operation.
manualVerifying (6)
The system is verifying the downloaded CRL file in a
manual CRL update operation."
::= { tmnxPkiCAProfCrlUpdEntry 1 }
tmnxPkiCAProfCrlCurUpdEtId OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..8)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCrlCurUpdEtId indicates the entry ID which
is being used in the current update for a CRL file. A value of zero is
returned if the value of tmnxPkiCAProfCrlCurUpdStatus is 'notUpdating
(0)' or 'stopped (4)'.
The entry, which is configured using tmnxPkiCAProfUrlTable, contains
the information for one URL which is where the system downloads the
CRL file from."
::= { tmnxPkiCAProfCrlUpdEntry 2 }
tmnxPkiCAProfCrlCurUpdStartTime OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfCrlCurUpdStartTime indicates the time at
which the current automated CRL update was initiated. It is measured
in seconds from 1-Jan-1970 00:00:00 UTC.
A value of zero indicates that the system has not started updating a
CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
(2)'."
::= { tmnxPkiCAProfCrlUpdEntry 3 }
tmnxPkiCAProfAtCrlUpdLstFailedId OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..8)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdLstFailedId indicates the entry ID
of the last failed automated CRL update.
A value of zero is returned if the system has not failed to update any
CRL file since tmnxPkiCAProfAtCrlUpdAdminState was configured to
'inService (2)'.
The entry, which is configured using tmnxPkiCAProfUrlTable, contains
the information for one URL which is where the system downloads the
CRL file from."
::= { tmnxPkiCAProfCrlUpdEntry 4 }
tmnxPkiCAProfAtCrlUpdLstFailTmSt OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdLstFailTmSt indicates the time at
which the last failed automated CRL update was initiated. It is
measured in seconds from 1-Jan-1970 00:00:00 UTC.
A value of zero indicates that the system has not failed to update any
CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
(2)'."
::= { tmnxPkiCAProfCrlUpdEntry 5 }
tmnxPkiCAProfAtCrlUpdLstFailTmEd OBJECT-TYPE
SYNTAX Unsigned32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdLstFailTmEd indicates the time at
which the last failed automated CRL update was finished. It is
measured in seconds from 1-Jan-1970 00:00:00 UTC.
A value of zero indicates that the system has not failed to update any
CRL file since tmnxPkiCAProfAtCrlUpdAdminState was set to 'inService
(2)'."
::= { tmnxPkiCAProfCrlUpdEntry 6 }
tmnxPkiCAProfAtCrlUpdLstFailReas OBJECT-TYPE
SYNTAX INTEGER {
noFailure (0),
downloadFailed (1),
invalidCRL (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAtCrlUpdLstFailReas indicates the reason of
the recent failed automated CRL update.
noFailure (0) -- The system never fails to update the CRL file
downloadFailed (1) -- The system failed to download the CRL file
invalidCRL (2) -- The verification of the downloaded CRL file
failed"
::= { tmnxPkiCAProfCrlUpdEntry 7 }
tmnxPkiCAProfActnTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCAProfActnEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnTable allows actions on the Certificate-Authority
profiles."
::= { tmnxPkiSecurityObjs 22 }
tmnxPkiCAProfActnEntry OBJECT-TYPE
SYNTAX TmnxPkiCAProfActnEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnEntry allows action on a specific
Certificate-Authority profile."
INDEX { tmnxPkiCAProfile }
::= { tmnxPkiCAProfActnTable 1 }
TmnxPkiCAProfActnEntry ::= SEQUENCE
{
tmnxPkiCAProfActnType INTEGER,
tmnxPkiCAProfAction TmnxActionType,
tmnxPkiCAProfActnKey DisplayString,
tmnxPkiCAProfActnProtAlgPass DisplayString,
tmnxPkiCAProfActnProtAlgRef DisplayString,
tmnxPkiCAProfActnProtAlgSigCert DisplayString,
tmnxPkiCAProfActnProtAlgSigHash INTEGER,
tmnxPkiCAProfActnSubjectDn DisplayString,
tmnxPkiCAProfActnSaveAsFile DisplayString,
tmnxPkiCAProfActnNewKey DisplayString,
tmnxPkiCAProfActnStatus INTEGER,
tmnxPkiCAProfActnStatusString DisplayString,
tmnxPkiCAProfActnStatusCode INTEGER,
tmnxPkiCAProfActnOrigCmdTime DateAndTime,
tmnxPkiCAProfActnLastCAResp DateAndTime,
tmnxPkiCAProfActnSendChain TruthValue,
tmnxPkiCAProfActnSendChainCA TNamedItemOrEmpty,
tmnxPkiCAProfActnProtKey DisplayString,
tmnxPkiCAProfActnDomain TmnxLongDisplayString,
tmnxPkiCAProfActnInetAddrType InetAddressType,
tmnxPkiCAProfActnInetAddr InetAddress
}
tmnxPkiCAProfActnType OBJECT-TYPE
SYNTAX INTEGER {
initialRegistration (1),
certRequest (2),
keyUpdate (3),
poll (4),
clearRequest (5),
abortRequest (6)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnType specifies the action to be performed on the
CA profile.
The tmnxPkiCAProfActnType and tmnxPkiCAProfAction objects must be set
together for the specific action to be performed."
::= { tmnxPkiCAProfActnEntry 1 }
tmnxPkiCAProfAction OBJECT-TYPE
SYNTAX TmnxActionType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxPkiCAProfAction specifies to perform action specified
in the tmnxPkiCAProfActnType object.
The value of tmnxPkiCAProfAction will always be returned as
'notApplicable'.
The tmnxPkiCAProfActnType and tmnxPkiCAProfAction objects must be set
together for the specific action to be performed."
DEFVAL { notApplicable }
::= { tmnxPkiCAProfActnEntry 2 }
tmnxPkiCAProfActnKey OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..95))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnKey specifies the key associated with requested
action on the CA profile."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 3 }
tmnxPkiCAProfActnProtAlgPass OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..64))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnProtAlgPass specifies the password of the
protection algorithm associated with requested action on the CA
profile.
The value of tmnxPkiCAProfActnProtAlgPass cannot be set to an empty
string if tmnxPkiCAProfAction is set to 'initialRegistration' and the
CMP request is to be protected by Message Authentication Code (MAC).
GETs and GETNEXTs on this variable return an empty string."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 4 }
tmnxPkiCAProfActnProtAlgRef OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..64))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnProtAlgRef specifies the reference number of the
protection algorithm associated with requested action on the CA
profile.
The value of tmnxPkiCAProfActnProtAlgRef cannot be set to an empty
string if tmnxPkiCAProfAction is set to 'initialRegistration' and the
CMP request is to be protected by Message Authentication Code (MAC)."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 5 }
tmnxPkiCAProfActnProtAlgSigCert OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..95))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnProtAlgSigCert specifies the signature
certificate file for the protection algorithm associated with
requested action on the CA profile.
The value of tmnxPkiCAProfActnProtAlgSigCert cannot be set to an empty
string if tmnxPkiCAProfAction is set to 'certRequest' or 'keyUpdate'
and the CMP request is to be protected by Digital Signature."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 6 }
tmnxPkiCAProfActnProtAlgSigHash OBJECT-TYPE
SYNTAX INTEGER {
null (1),
md5 (2),
sha1 (3),
sha256 (4),
sha384 (5),
sha512 (6),
sha224 (7)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnProtAlgSigHash specifies the signature hash
algorithm for the protection algorithm associated with requested
action on the CA profile.
The value of tmnxPkiCAProfActnProtAlgSigHash cannot be set to 'null'
if tmnxPkiCAProfAction is set to 'initialRegistration' or
'certRequest' or 'keyUpdate', and the CMP request is to be protected
by Digital Signature."
DEFVAL { sha1 }
::= { tmnxPkiCAProfActnEntry 7 }
tmnxPkiCAProfActnSubjectDn OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnSubjectDn specifies the domain of the subject
associated with requested action on the CA profile.
The value of tmnxPkiCAProfActnSubjectDn cannot be set to an empty
string if tmnxPkiCAProfAction is set to 'initialRegistration' or
'certRequest'."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 8 }
tmnxPkiCAProfActnSaveAsFile OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..200))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnSaveAsFile specifies the file name to which
resultant certificate is saved associated with the requested action on
the CA profile.
The value of tmnxPkiCAProfActnSaveAsFile cannot be set to an empty
string if tmnxPkiCAProfAction is set to 'initialRegistration' or
'certRequest' or 'keyUpdate'."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 9 }
tmnxPkiCAProfActnNewKey OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..95))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnNewKey specifies the new key associated with
requested action on the CA profile.
The value of tmnxPkiCAProfActnNewKey cannot be set to an empty string
if tmnxPkiCAProfAction is set to 'keyUpdate'."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 10 }
tmnxPkiCAProfActnStatus OBJECT-TYPE
SYNTAX INTEGER {
processed (0),
inProgress (1),
failed (2)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnStatus indicates the status of the last action on
the CA profile."
::= { tmnxPkiCAProfActnEntry 11 }
tmnxPkiCAProfActnStatusString OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnStatusString indicates the detailed status of the
last action on the CA profile."
::= { tmnxPkiCAProfActnEntry 12 }
tmnxPkiCAProfActnStatusCode OBJECT-TYPE
SYNTAX INTEGER {
none (0),
accepted (1),
grantedWithMods (2),
rejection (3),
waiting (4),
revocationWarning (5),
revocationNotification (6),
keyUpdateWarning (7)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnStatusCode indicates the status of the last
action on the CA profile."
::= { tmnxPkiCAProfActnEntry 13 }
tmnxPkiCAProfActnOrigCmdTime OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnOrigCmdTime indicates the time when original
command request was issued."
::= { tmnxPkiCAProfActnEntry 14 }
tmnxPkiCAProfActnLastCAResp OBJECT-TYPE
SYNTAX DateAndTime
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnLastCAResp indicates the last response from the
the CA server."
::= { tmnxPkiCAProfActnEntry 15 }
tmnxPkiCAProfActnSendChain OBJECT-TYPE
SYNTAX TruthValue
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnSendChain specifies whether to send the chain in
the extra certificates."
DEFVAL { false }
::= { tmnxPkiCAProfActnEntry 16 }
tmnxPkiCAProfActnSendChainCA OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnSendChainCA specifies the Certificate Authority
profile to pick the chain in case of multiple chains available.
System will calculate the chain, if the value of this object is set to
empty.
The action will fail, if the unique chain can not be resolved."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 17 }
tmnxPkiCAProfActnProtKey OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..95))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnProtKey specifies the protection key associated
with requested action on the CA profile."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 18 }
tmnxPkiCAProfActnDomain OBJECT-TYPE
SYNTAX TmnxLongDisplayString (SIZE (0..512))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The tmnxPkiCAProfActnDomain specifies the comma separated domain names
associated with requested action on the CA profile.
The tmnxPkiCAProfActnDomain may be set non-default when
tmnxPkiCAProfAction is being set to 'initialRegistration' or
'certRequest'."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 19 }
tmnxPkiCAProfActnInetAddrType OBJECT-TYPE
SYNTAX InetAddressType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCAProfActnInetAddrType specifies the
address type of the 'tmnxPkiCAProfActnInetAddr' object."
DEFVAL { unknown }
::= { tmnxPkiCAProfActnEntry 20 }
tmnxPkiCAProfActnInetAddr OBJECT-TYPE
SYNTAX InetAddress (SIZE (0|4|16))
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCAProfActnInetAddr specifies the IP
address as 'subjectAltName' in certificate template of CMPv2 initial
registration or certificate-request action.
The tmnxPkiCAProfActnInetAddr must be set together with
tmnxPkiCAProfActnInetAddrType object."
DEFVAL { ''H }
::= { tmnxPkiCAProfActnEntry 21 }
tmnxPkiCNListTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCNListTableLastChanged indicates the
timestamp of the last change to the tmnxPkiCNListTable. A value of
zero indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxPkiSecurityObjs 23 }
tmnxPkiCNListTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCNListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCNListTable is the Common Name List table. It contains
lists of supported Common Names. Entries are created and deleted by
the user. Common name is domain name or IP address, which is present
in a certificate in field 'Common Name' (CN) or in the extension
'Subject Alternative Name' (SAN). Certificate is valid, if CN or one
of SANs corresponds to any item in the CN List."
::= { tmnxPkiSecurityObjs 24 }
tmnxPkiCNListEntry OBJECT-TYPE
SYNTAX TmnxPkiCNListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCNListEntry is an entry (conceptual row) in the
tmnxPkiCNListTable. Each entry represents the configuration for an
ordered list of supported Common Names."
INDEX { tmnxPkiCNListName }
::= { tmnxPkiCNListTable 1 }
TmnxPkiCNListEntry ::= SEQUENCE
{
tmnxPkiCNListName TNamedItem,
tmnxPkiCNListLastChanged TimeStamp,
tmnxPkiCNListRowStatus RowStatus
}
tmnxPkiCNListName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCNListName specifies the name of an
ordered list of supported common names."
::= { tmnxPkiCNListEntry 1 }
tmnxPkiCNListLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCNListLastChanged indicates the
sysUpTime at the time of the most recent management-initiated change
to this entry."
::= { tmnxPkiCNListEntry 2 }
tmnxPkiCNListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCNListRowStatus indicates the status of
the conceptual row in tmnxPkiCNListTable. Only values 'createAndGo(4)'
and 'destroy(6)' are supported."
::= { tmnxPkiCNListEntry 3 }
tmnxPkiCNListParamTableLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"This value of the object tmnxPkiCNListParamTableLstChgd indicates the
timestamp of the last change to the tmnxPkiCNListParamTable. A value
of zero indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxPkiSecurityObjs 25 }
tmnxPkiCNListParamTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxPkiCNListParamEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCNListParamTable stores configuration and status
information related to Common Names which belong to ordered lists of
Common Names specified by entries in tmnxPkiCNListTable."
::= { tmnxPkiSecurityObjs 26 }
tmnxPkiCNListParamEntry OBJECT-TYPE
SYNTAX TmnxPkiCNListParamEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxPkiCNListParamEntry is an entry (conceptual row) in the
tmnxPkiCNListParamTable. Each entry contains information pertaining to
a Common Name which belongs to a list specified by tmnxPkiCNListName."
INDEX {
tmnxPkiCNListName,
tmnxPkiCNListParamIndex
}
::= { tmnxPkiCNListParamTable 1 }
TmnxPkiCNListParamEntry ::= SEQUENCE
{
tmnxPkiCNListParamIndex Unsigned32,
tmnxPkiCNListParamLastChanged TimeStamp,
tmnxPkiCNListParamRowStatus RowStatus,
tmnxPkiCNListParamCNType TmnxPkiCNType,
tmnxPkiCNListParamCNValue TRegularExpression
}
tmnxPkiCNListParamIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..128)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCNListParamIndex specifies the order of
preference of a Common Name within the list specified by
tmnxPkiCNListName."
::= { tmnxPkiCNListParamEntry 1 }
tmnxPkiCNListParamLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxPkiCNListParamLastChanged is the timestamp of last
change to this entry."
::= { tmnxPkiCNListParamEntry 2 }
tmnxPkiCNListParamRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCNListParamRowStatus specifies the
status of the conceptual row in tmnxPkiCNListParamTable."
::= { tmnxPkiCNListParamEntry 3 }
tmnxPkiCNListParamCNType OBJECT-TYPE
SYNTAX TmnxPkiCNType
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCNListParamCNType specifies the type of
Common Name."
::= { tmnxPkiCNListParamEntry 4 }
tmnxPkiCNListParamCNValue OBJECT-TYPE
SYNTAX TRegularExpression
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxPkiCNListParamCNValue specifies value of
Common Name for which a certificate is issued."
::= { tmnxPkiCNListParamEntry 5 }
tmnxPkiImportedFormat OBJECT-TYPE
SYNTAX INTEGER {
any (1),
secure (2)
}
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxPkiImportedFormat specifies the supported encrypted
file formats.
any - both old and new encrypted file format are supported
secure - only the new encrypted file format is supported"
DEFVAL { any }
::= { tmnxPkiSecurityObjs 27 }
tmnxCertMgrStatsGroup OBJECT IDENTIFIER ::= { tmnxSecurityObjects 19 }
tmnxCertMgrAuthFailed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxCertMgrAuthFailed indicates the number of authentication
failures using the certificates."
::= { tmnxCertMgrStatsGroup 1 }
tmnxCertMgrAuthPassed OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxCertMgrAuthPassed indicates the number of authentication
checks passed using the certificates."
::= { tmnxCertMgrStatsGroup 2 }
tmnxCertMgrTotalAuth OBJECT-TYPE
SYNTAX Counter32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The tmnxCertMgrTotalAuth indicates the number of authentication
attempts using the certificates."
::= { tmnxCertMgrStatsGroup 3 }
tmnxUserPublicKeyObjects OBJECT IDENTIFIER ::= { tmnxSecurityObjects 20 }
tmnxUserPublicKeyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxUserPublicKeyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxUserPublicKeyTable has entries for Secure Shell version 2
(SSHv2) RSA public keys configured for the system users."
::= { tmnxUserPublicKeyObjects 1 }
tmnxUserPublicKeyEntry OBJECT-TYPE
SYNTAX TmnxUserPublicKeyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents a Secure Shell version 2 (SSHv2) RSA public
key associated with the system user. Entries in this table can be
created and deleted via SNMP SET operations to
tmnxUserPublicKeyRowStatus."
INDEX {
tmnxUserName,
tmnxUserPublicKeyNumber
}
::= { tmnxUserPublicKeyTable 1 }
TmnxUserPublicKeyEntry ::= SEQUENCE
{
tmnxUserPublicKeyNumber Unsigned32,
tmnxUserPublicKeyRowStatus RowStatus,
tmnxUserPublicKeyLastChanged TimeStamp,
tmnxUserPublicKeyName TmnxLongDisplayString,
tmnxUserPublicKeyDescription TItemDescription
}
tmnxUserPublicKeyNumber OBJECT-TYPE
SYNTAX Unsigned32 (1..32)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxUserPublicKeyNumber specifies the number of the
Secure Shell version 2 (SSHv2) RSA public key that is associated with
the system user."
::= { tmnxUserPublicKeyEntry 1 }
tmnxUserPublicKeyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserPublicKeyRowStatus specifies the row status of
this entry. It is used for creation and deletion of the Secure Shell
version 2 (SSHv2) RSA public key.
Only values 'active (1)', 'createAndGo(4)', and 'destroy (6)' are
supported."
::= { tmnxUserPublicKeyEntry 2 }
tmnxUserPublicKeyLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxUserPublicKeyLastChanged indicates the timestamp of
the last change to this row in tmnxUserPublicKeyTable."
::= { tmnxUserPublicKeyEntry 3 }
tmnxUserPublicKeyName OBJECT-TYPE
SYNTAX TmnxLongDisplayString (SIZE (0..800))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserPublicKeyName specifies the value of the Secure
Shell version 2 (SSHv2) RSA public key associated with the system
user."
DEFVAL { ''H }
::= { tmnxUserPublicKeyEntry 4 }
tmnxUserPublicKeyDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserPublicKeyDescription specifies the user-provided
string describing this RSA public key."
DEFVAL { ''H }
::= { tmnxUserPublicKeyEntry 5 }
tmnxUserPubKeyTableLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxUserPubKeyTableLastChanged indicates the
timestamp of the last change to the tmnxUserPublicKeyTable. A value of
0 indicates that no changes were made to this table since the system
was last initialized."
::= { tmnxUserPublicKeyObjects 2 }
tmnxUserPubEcdsaKeyTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxUserPubEcdsaKeyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxUserPubEcdsaKeyTable has entries for Secure Shell version 2
(SSHv2) ECDSA public keys configured for the system users."
::= { tmnxUserPublicKeyObjects 3 }
tmnxUserPubEcdsaKeyEntry OBJECT-TYPE
SYNTAX TmnxUserPubEcdsaKeyEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Each row entry represents a Secure Shell version 2 (SSHv2) ECDSA
public key associated with the system user. Entries in this table can
be created and deleted via SNMP SET operations to
tmnxUserPubEcdsaKeyRowStatus."
INDEX {
tmnxUserName,
tmnxUserPubEcdsaKeyNumber
}
::= { tmnxUserPubEcdsaKeyTable 1 }
TmnxUserPubEcdsaKeyEntry ::= SEQUENCE
{
tmnxUserPubEcdsaKeyNumber Unsigned32,
tmnxUserPubEcdsaKeyRowStatus RowStatus,
tmnxUserPubEcdsaKeyLastChanged TimeStamp,
tmnxUserPubEcdsaKeyName DisplayString,
tmnxUserPubEcdsaKeyDescription TItemDescription
}
tmnxUserPubEcdsaKeyNumber OBJECT-TYPE
SYNTAX Unsigned32 (1..32)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxUserPubEcdsaKeyNumber specifies the number of the
Secure Shell version 2 (SSHv2) ECDSA public key that is associated
with the system user."
::= { tmnxUserPubEcdsaKeyEntry 1 }
tmnxUserPubEcdsaKeyRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserPubEcdsaKeyRowStatus specifies the row status of
this entry. It is used for creation and deletion of the Secure Shell
version 2 (SSHv2) ECDSA public key.
Only values 'active (1)', 'createAndGo(4)', and 'destroy (6)' are
supported."
::= { tmnxUserPubEcdsaKeyEntry 2 }
tmnxUserPubEcdsaKeyLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxUserPubEcdsaKeyLastChanged indicates the timestamp of
the last change to this row in tmnxUserPubEcdsaKeyTable."
::= { tmnxUserPubEcdsaKeyEntry 3 }
tmnxUserPubEcdsaKeyName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..255))
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserPubEcdsaKeyName specifies the value of the Secure
Shell version 2 (SSHv2) ECDSA public key associated with the system
user."
DEFVAL { ''H }
::= { tmnxUserPubEcdsaKeyEntry 4 }
tmnxUserPubEcdsaKeyDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxUserPubEcdsaKeyDescription specifies the
user-provided string describing this ECDSA public key."
DEFVAL { ''H }
::= { tmnxUserPubEcdsaKeyEntry 5 }
tmnxUserPubEcdsaKeyTblLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxUserPubEcdsaKeyTblLstChgd indicates the
timestamp of the last change to the tmnxUserPubEcdsaKeyTable. A value
of 0 indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxUserPublicKeyObjects 4 }
tmnxUserActionObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 21 }
tmnxUserActionUserName OBJECT-TYPE
SYNTAX TNamedItemOrEmpty
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxUserActionUserName specifies the user name on which
the action applies."
::= { tmnxUserActionObjs 1 }
tmnxUserActionUnlock OBJECT-TYPE
SYNTAX TmnxActionType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When tmnxUserActionUnlock is set to 'doAction', the user specified in
tmnxUserActionUserName can make again tmnxPasswordAttemptsCount
unsuccessful login attempts before he is locked out for
tmnxPasswordAttemptsLockoutPeriod minutes, and his exponential backoff
period is reset to 1 second if slcLoginExponentialBackOff is set to
'true'.
When setting the value of this object to 'doAction', the value of
tmnxUserActionUserName must be set as well in the same SNMP SET PDU.
If the value of tmnxUserActionUserName is set to an empty string, this
action applies to all users."
::= { tmnxUserActionObjs 2 }
tmnxUserActionClearPwdHistory OBJECT-TYPE
SYNTAX TmnxActionType
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"When tmnxUserActionClearPwdHistory is set to 'doAction', the password
history of one or more users will be cleared, allowing them to reuse
any password that they previously used.
When setting the value of this object to 'doAction', the value of
tmnxUserActionUserName must be set as well in the same SNMP SET PDU.
If the value of tmnxUserActionUserName is set to a non-empty string
only the password history of the specified user will be cleared.
Otherwise the password history of all users will be cleared."
::= { tmnxUserActionObjs 3 }
tmnxTacPlusPrivLvlMapTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxTacPlusPrivLvlMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table which maps privilege levels to user profiles.
This table is used during TACACS+ authorization to map priv-lvl to a
user profile when tmnxTacPlusAuthorUsePrivLvl is 'true(1)', and it is
also used during the TACACS+ enable request to map
tmnxTacPlusEnableAdminPrivLvl to a user profile."
::= { tmnxSecurityObjects 22 }
tmnxTacPlusPrivLvlMapEntry OBJECT-TYPE
SYNTAX TmnxTacPlusPrivLvlMapEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single user profile."
INDEX { tmnxTacPlusPrivLvlMapPrivLvl }
::= { tmnxTacPlusPrivLvlMapTable 1 }
TmnxTacPlusPrivLvlMapEntry ::= SEQUENCE
{
tmnxTacPlusPrivLvlMapPrivLvl Unsigned32,
tmnxTacPlusPrivLvlRowStatus RowStatus,
tmnxTacPlusPrivLvlMapUserProfile TNamedItem
}
tmnxTacPlusPrivLvlMapPrivLvl OBJECT-TYPE
SYNTAX Unsigned32 (0..15)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxTacPlusPrivLvlMapPrivLvl specifies the privilege
level for this mapping."
::= { tmnxTacPlusPrivLvlMapEntry 1 }
tmnxTacPlusPrivLvlRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxTacPlusPrivLvlRowStatus controls the creation and
deletion of rows in this table."
::= { tmnxTacPlusPrivLvlMapEntry 2 }
tmnxTacPlusPrivLvlMapUserProfile OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxTacPlusPrivLvlMapUserProfile specifies the user
profile for this mapping.
This user profile refers to a profile configured in
tmnxUserProfileTable."
::= { tmnxTacPlusPrivLvlMapEntry 3 }
tmnxOcspCacheTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxOcspCacheEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxOcspCacheTable maintains a cache of OCSP (Online Certificate
Status Protocol) requests."
::= { tmnxSecurityObjects 23 }
tmnxOcspCacheEntry OBJECT-TYPE
SYNTAX TmnxOcspCacheEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The tmnxOcspCacheEntry maintains OCSP cache of an OCSP request."
INDEX { tmnxOcspCacheEntryId }
::= { tmnxOcspCacheTable 1 }
TmnxOcspCacheEntry ::= SEQUENCE
{
tmnxOcspCacheEntryId Integer32,
tmnxOcspCacheCertSerial OCTET STRING,
tmnxOcspCacheCertIssuer TLDisplayString,
tmnxOcspCacheExpiry Unsigned32,
tmnxOcspCacheCertStatus INTEGER
}
tmnxOcspCacheEntryId OBJECT-TYPE
SYNTAX Integer32
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxOcspCacheEntryId indicates the local cache entry
identifier of the certificate that was validated by the OCSP
responder."
::= { tmnxOcspCacheEntry 1 }
tmnxOcspCacheCertSerial OBJECT-TYPE
SYNTAX OCTET STRING (SIZE (1..20))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxOcspCacheCertSerial indicates the the serial number
of the certificate associated with this OCSP (Online Certificate
Status Protocol) cache entry."
::= { tmnxOcspCacheEntry 2 }
tmnxOcspCacheCertIssuer OBJECT-TYPE
SYNTAX TLDisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxOcspCacheCertIssuer indicates the issuer of the
certificate that was validated by the OCSP responder."
::= { tmnxOcspCacheEntry 3 }
tmnxOcspCacheExpiry OBJECT-TYPE
SYNTAX Unsigned32
UNITS "seconds"
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxOcspCacheExpiry indicates the time at which this
cache entry will automatically be purged by the system."
::= { tmnxOcspCacheEntry 4 }
tmnxOcspCacheCertStatus OBJECT-TYPE
SYNTAX INTEGER {
good (0),
revoked (1)
}
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxOcspCacheCertStatus indicates status of the
certificate associated with this OCSP (Online Certificate Status
Protocol) cache entry."
::= { tmnxOcspCacheEntry 5 }
tmnxSecurityTech OBJECT IDENTIFIER ::= { tmnxSecurityObjects 24 }
tmnxSecurityTechSupportLocation OBJECT-TYPE
SYNTAX TmnxDisplayStringURL
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of tmnxSecurityTechSupportLocation specifies the default
file path for generated tech-support files. If not specified, there is
no default location, and one must be manually specified when
generating an admin tech-support file."
DEFVAL { "" }
::= { tmnxSecurityTech 1 }
tmnxSSHCipherTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHCipherEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This Table indicates the ciphers allowed for SSH protocol version 1
and SSH protocol version 2."
::= { tmnxSecurityObjects 25 }
tmnxSSHCipherEntry OBJECT-TYPE
SYNTAX TmnxSSHCipherEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single cipher."
INDEX {
tmnxSSHCipherProtocolVersion,
tmnxSSHCipherNumber
}
::= { tmnxSSHCipherTable 1 }
TmnxSSHCipherEntry ::= SEQUENCE
{
tmnxSSHCipherProtocolVersion INTEGER,
tmnxSSHCipherNumber TSSHCipherNumber,
tmnxSSHCipherName DisplayString
}
tmnxSSHCipherProtocolVersion OBJECT-TYPE
SYNTAX INTEGER {
version1 (1),
version2 (2)
}
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxSSHCipherProtocolVersion indicates the SSH protocol
version."
::= { tmnxSSHCipherEntry 1 }
tmnxSSHCipherNumber OBJECT-TYPE
SYNTAX TSSHCipherNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxSSHCipherNumber indicates the cipher."
::= { tmnxSSHCipherEntry 2 }
tmnxSSHCipherName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxSSHCipherName indicates the name of the cipher."
::= { tmnxSSHCipherEntry 3 }
tmnxSSHServerCipherListTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHServerCipherListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to configure the ordered list of ciphers allowed for SSH
protocol version 1 and SSH protocol version 2 by the SSH server."
::= { tmnxSecurityObjects 26 }
tmnxSSHServerCipherListEntry OBJECT-TYPE
SYNTAX TmnxSSHServerCipherListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single cipher in the cipher list."
INDEX {
tmnxSSHCipherProtocolVersion,
tmnxSSHServerCipherListIndex
}
::= { tmnxSSHServerCipherListTable 1 }
TmnxSSHServerCipherListEntry ::= SEQUENCE
{
tmnxSSHServerCipherListIndex Integer32,
tmnxSSHServerCipherListRowStatus RowStatus,
tmnxSSHServerCipherListNumber TSSHCipherNumber
}
tmnxSSHServerCipherListIndex OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxSSHServerCipherListIndex specifies the position of
this cipher in the cipher list."
::= { tmnxSSHServerCipherListEntry 1 }
tmnxSSHServerCipherListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxSSHServerCipherListRowStatus specifies the row status
of this entry."
::= { tmnxSSHServerCipherListEntry 2 }
tmnxSSHServerCipherListNumber OBJECT-TYPE
SYNTAX TSSHCipherNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxSSHServerCipherListNumber specifies the cipher."
DEFVAL { none }
::= { tmnxSSHServerCipherListEntry 3 }
tmnxSSHClientCipherListTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHClientCipherListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to configure the ordered list of ciphers allowed for SSH
protocol version 1 and SSH protocol version 2 by the SSH client."
::= { tmnxSecurityObjects 27 }
tmnxSSHClientCipherListEntry OBJECT-TYPE
SYNTAX TmnxSSHClientCipherListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single cipher in the cipher list."
INDEX {
tmnxSSHCipherProtocolVersion,
tmnxSSHClientCipherListIndex
}
::= { tmnxSSHClientCipherListTable 1 }
TmnxSSHClientCipherListEntry ::= SEQUENCE
{
tmnxSSHClientCipherListIndex Integer32,
tmnxSSHClientCipherListRowStatus RowStatus,
tmnxSSHClientCipherListNumber TSSHCipherNumber
}
tmnxSSHClientCipherListIndex OBJECT-TYPE
SYNTAX Integer32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxSSHClientCipherListIndex specifies the position of
this cipher in the cipher list."
::= { tmnxSSHClientCipherListEntry 1 }
tmnxSSHClientCipherListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxSSHClientCipherListRowStatus specifies the row status
of this entry."
::= { tmnxSSHClientCipherListEntry 2 }
tmnxSSHClientCipherListNumber OBJECT-TYPE
SYNTAX TSSHCipherNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of tmnxSSHClientCipherListNumber specifies the cipher."
DEFVAL { none }
::= { tmnxSSHClientCipherListEntry 3 }
tmnxCliScriptAuthObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 29 }
tmnxCliScriptAuthTblLastChange OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxCliScriptAuthTblLastChange
indicates the value of sysUpTime at the time of the last
modification of a row in the tmnxCliScriptAuthTable."
::= { tmnxCliScriptAuthObjs 1 }
tmnxCliScriptAuthTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCliScriptAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The table tmnxCliScriptAuthTable contains the information pertaining
to authorization of cli script execution. User profile names are
associated with CLI command scripts started by Cron, Event Handling
System (EHS) or VSD."
::= { tmnxCliScriptAuthObjs 2 }
tmnxCliScriptAuthEntry OBJECT-TYPE
SYNTAX TmnxCliScriptAuthEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Rows in table tmnxCliScriptAuthTable are created and destroyed by SNMP
set operations on the object tmnxCliScriptAuthRowStatus."
INDEX {
tmnxCliScriptAuthUserType,
IMPLIED tmnxCliScriptAuthUserName
}
::= { tmnxCliScriptAuthTable 1 }
TmnxCliScriptAuthEntry ::= SEQUENCE
{
tmnxCliScriptAuthUserType TmnxScriptAuthType,
tmnxCliScriptAuthUserName TNamedItem,
tmnxCliScriptAuthRowStatus RowStatus
}
tmnxCliScriptAuthUserType OBJECT-TYPE
SYNTAX TmnxScriptAuthType
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the index object tmnxCliScriptAuthUserType specifies the
type of module that will execute a CLI command script. The value 'none
(0)' cannot be used as a table index."
::= { tmnxCliScriptAuthEntry 1 }
tmnxCliScriptAuthUserName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the index object tmnxCliScriptAuthUserName specifies user
profile name to be used for command authorization when executing a CLI
command script started by the module specified by the value of
tmnxCliScriptAuthUserType."
::= { tmnxCliScriptAuthEntry 2 }
tmnxCliScriptAuthRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxCliScriptAuthRowStatus
specifies the status of
the conceptual row in tmnxCliScriptAuthTable. Row is created and
destroyed by SNMP SET operations on this object. Only values
'createAndGo(4)' and 'destroy(6)' are supported."
::= { tmnxCliScriptAuthEntry 3 }
tmnxCliSessionGroupTableLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxCliSessionGroupTableLstChgd indicates the
sysUpTime at the time of the last modification of
tmnxCliSessionGroupTable.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxSecurityObjects 30 }
tmnxCliSessionGroupTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxCliSessionGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to store Cli Session Group parameters"
::= { tmnxSecurityObjects 31 }
tmnxCliSessionGroupEntry OBJECT-TYPE
SYNTAX TmnxCliSessionGroupEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"tmnxCliSessionGroupEntry is an entry in tmnxCliSessionGroupTable.
Entries in this table can be created and deleted via SNMP SET
operations to tmnxCliSessionGroupRowStatus."
INDEX { tmnxCliSessionGroupName }
::= { tmnxCliSessionGroupTable 1 }
TmnxCliSessionGroupEntry ::= SEQUENCE
{
tmnxCliSessionGroupName TNamedItem,
tmnxCliSessionGroupLastChanged TimeStamp,
tmnxCliSessionGroupRowStatus RowStatus,
tmnxCliSessionGroupDescription TItemDescription,
tmnxCliSessionGroupSshLimit TmnxSessionLimit,
tmnxCliSessionGroupTelnetLimit TmnxSessionLimit,
tmnxCliSessionGroupTotalLimit TmnxSessionLimit
}
tmnxCliSessionGroupName OBJECT-TYPE
SYNTAX TNamedItem
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the object tmnxCliSessionGroupName specifies the name of
the Cli Session Group."
::= { tmnxCliSessionGroupEntry 1 }
tmnxCliSessionGroupLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxCliSessionGroupLastChanged indicates the
timestamp of the last change of this row in tmnxCliSessionGroupTable."
::= { tmnxCliSessionGroupEntry 2 }
tmnxCliSessionGroupRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxCliSessionGroupRowStatus specifies the
status of the conceptual row in tmnxCliSessionGroupTable.
Rows are created and destroyed by SNMP SET operations on this object.
Only values 'active(1)', 'createAndGo(4)' and 'destroy(6)' are
supported."
::= { tmnxCliSessionGroupEntry 3 }
tmnxCliSessionGroupDescription OBJECT-TYPE
SYNTAX TItemDescription
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxCliSessionGroupDescription specifies the
user-provided description for given Cli Session Group."
DEFVAL { ''H }
::= { tmnxCliSessionGroupEntry 4 }
tmnxCliSessionGroupSshLimit OBJECT-TYPE
SYNTAX TmnxSessionLimit
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxCliSessionGroupSshLimit specifies the
maximum limit of concurrent SSH sessions for given Cli Session Group."
DEFVAL { -1 }
::= { tmnxCliSessionGroupEntry 5 }
tmnxCliSessionGroupTelnetLimit OBJECT-TYPE
SYNTAX TmnxSessionLimit
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxCliSessionGroupTelnetLimit specifies the
maximum limit of concurrent TELNET sessions for given Cli Session
Group."
DEFVAL { -1 }
::= { tmnxCliSessionGroupEntry 6 }
tmnxCliSessionGroupTotalLimit OBJECT-TYPE
SYNTAX TmnxSessionLimit
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxCliSessionGroupTotalLimit specifies the
combined maximum limit of concurrent TELNET and SSH sessions for given
Cli Session Group."
DEFVAL { -1 }
::= { tmnxCliSessionGroupEntry 7 }
tmnxSSHMacTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHMacEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This Table indicates the MAC algorithms allowed for SSH protocol
version 2."
::= { tmnxSecurityObjects 32 }
tmnxSSHMacEntry OBJECT-TYPE
SYNTAX TmnxSSHMacEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single MAC algorithm."
INDEX { tmnxSSHMacNumber }
::= { tmnxSSHMacTable 1 }
TmnxSSHMacEntry ::= SEQUENCE
{
tmnxSSHMacNumber TSSHMacNumber,
tmnxSSHMacName DisplayString
}
tmnxSSHMacNumber OBJECT-TYPE
SYNTAX TSSHMacNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxSSHMacNumber indicates the MAC algorithm."
::= { tmnxSSHMacEntry 1 }
tmnxSSHMacName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxSSHMacName indicates the name of the MAC algorithm."
::= { tmnxSSHMacEntry 2 }
tmnxSSHServerMacListTableLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerMacListTableLstChgd indicates the
timestamp of the last change to the tmnxSSHServerMacListTable. A value
of zero indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxSecurityObjects 33 }
tmnxSSHServerMacListTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHServerMacListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to configure the ordered list of MACs allowed for SSH protocol
version 2 by the SSH server."
::= { tmnxSecurityObjects 34 }
tmnxSSHServerMacListEntry OBJECT-TYPE
SYNTAX TmnxSSHServerMacListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single MAC algorithm in the MAC list."
INDEX { tmnxSSHServerMacListIndex }
::= { tmnxSSHServerMacListTable 1 }
TmnxSSHServerMacListEntry ::= SEQUENCE
{
tmnxSSHServerMacListIndex Unsigned32,
tmnxSSHServerMacListLastChanged TimeStamp,
tmnxSSHServerMacListRowStatus RowStatus,
tmnxSSHServerMacListNumber TSSHMacNumber
}
tmnxSSHServerMacListIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerMacListIndex specifies the
position of this MAC in the MAC list."
::= { tmnxSSHServerMacListEntry 1 }
tmnxSSHServerMacListLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerMacListLastChanged is the
timestamp of last change to this entry."
::= { tmnxSSHServerMacListEntry 2 }
tmnxSSHServerMacListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerMacListRowStatus specifies the
row status of this entry. Only values 'active(1)', 'createAndGo(4)'
and 'destroy(6)' are supported."
::= { tmnxSSHServerMacListEntry 3 }
tmnxSSHServerMacListNumber OBJECT-TYPE
SYNTAX TSSHMacNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerMacListNumber specifies the MAC
algorithm."
::= { tmnxSSHServerMacListEntry 4 }
tmnxSSHClientMacListTableLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientMacListTableLstChgd indicates the
timestamp of the last change to the tmnxSSHServerMacListTable. A value
of zero indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxSecurityObjects 35 }
tmnxSSHClientMacListTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHClientMacListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to configure the ordered list of MACs allowed for SSH protocol
version 2 by the SSH client."
::= { tmnxSecurityObjects 36 }
tmnxSSHClientMacListEntry OBJECT-TYPE
SYNTAX TmnxSSHClientMacListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single MAC algorithm in the MAC list."
INDEX { tmnxSSHClientMacListIndex }
::= { tmnxSSHClientMacListTable 1 }
TmnxSSHClientMacListEntry ::= SEQUENCE
{
tmnxSSHClientMacListIndex Unsigned32,
tmnxSSHClientMacListLastChanged TimeStamp,
tmnxSSHClientMacListRowStatus RowStatus,
tmnxSSHClientMacListNumber TSSHMacNumber
}
tmnxSSHClientMacListIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientMacListIndex specifies the
position of this MAC in the MAC list."
::= { tmnxSSHClientMacListEntry 1 }
tmnxSSHClientMacListLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientMacListLastChanged is the
timestamp of last change to this entry."
::= { tmnxSSHClientMacListEntry 2 }
tmnxSSHClientMacListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientMacListRowStatus specifies the
row status of this entry. Only values 'active(1)', 'createAndGo(4)'
and 'destroy(6)' are supported."
::= { tmnxSSHClientMacListEntry 3 }
tmnxSSHClientMacListNumber OBJECT-TYPE
SYNTAX TSSHMacNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientMacListNumber specifies the MAC
algorithm."
::= { tmnxSSHClientMacListEntry 4 }
tmnxSSHServerKeyReExchangeObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 37 }
tmnxSSHServerKeyReExLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKeyReExLastChanged indicates the
timestamp of the last change to the tmnxSSHServerKeyReExchangeObjs. A
value of 0 indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxSSHServerKeyReExchangeObjs 1 }
tmnxSSHServerKeyReExAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKeyReExAdminState specifies the
desired administrative state of the server key re-exchange
functionality. When the value is 'outOfService' the ssh server will
not initiate key re-exchange when bytes or minutes thresholds are
reached."
DEFVAL { inService }
::= { tmnxSSHServerKeyReExchangeObjs 2 }
tmnxSSHServerKeyReExMinutes OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..1440)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKeyReExMinutes specifies the time
interval at which the ssh server will initiate the key re-exchange
with client. When the value of tmnxSSHServerKeyReExMinutes is set to
'0', it disables initiating key re-exchange at time intervals."
DEFVAL { 60 }
::= { tmnxSSHServerKeyReExchangeObjs 3 }
tmnxSSHServerKeyReExMBytes OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..64000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKeyReExMBytes specifies amount of
data transferred after which the ssh server will initiate the key
re-exchange with client. When the value of tmnxSSHServerKeyReExMBytes
is set to '0', it disables initiating key re-exchange based on amount
of transferred data."
DEFVAL { 1024 }
::= { tmnxSSHServerKeyReExchangeObjs 4 }
tmnxSSHClientKeyReExchangeObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 38 }
tmnxSSHClientKeyReExLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKeyReExLastChanged indicates the
timestamp of the last change to the tmnxSSHClientKeyReExchangeObjs. A
value of 0 indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxSSHClientKeyReExchangeObjs 1 }
tmnxSSHClientKeyReExAdminState OBJECT-TYPE
SYNTAX TmnxAdminState
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKeyReExAdminState specifies the
desired administrative state of the client key re-exchange
functionality. When the value is 'outOfService' the ssh client will
not initiate key re-exchange when bytes or minutes thresholds are
reached."
DEFVAL { inService }
::= { tmnxSSHClientKeyReExchangeObjs 2 }
tmnxSSHClientKeyReExMinutes OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..1440)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKeyReExMinutes specifies the time
interval at which the ssh client will initiate the key re-exchange
with server. When the value of tmnxSSHClientKeyReExMinutes is set to
'0', it disables initiating key re-exchange at time intervals."
DEFVAL { 60 }
::= { tmnxSSHClientKeyReExchangeObjs 3 }
tmnxSSHClientKeyReExMBytes OBJECT-TYPE
SYNTAX Unsigned32 (0 | 1..64000)
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKeyReExMBytes specifies amount of
data transferred after which the ssh client will initiate the key
re-exchange with server. When the value of tmnxSSHClientKeyReExMBytes
is set to '0', it disables initiating key re-exchange based on amount
of transferred data."
DEFVAL { 1024 }
::= { tmnxSSHClientKeyReExchangeObjs 4 }
tmnxServerAccessCtlObjs OBJECT IDENTIFIER ::= { tmnxSecurityObjects 39 }
tmnxAllowServersAccess OBJECT-TYPE
SYNTAX BITS {
ssh (0),
telnet (1),
ftp (2),
telnet6 (3),
netconf (4),
grpc (5)
}
MAX-ACCESS read-write
STATUS current
DESCRIPTION
"tmnxAllowServersAccess is used to allow/disallow access to management
interfaces running on the system. By default, access to all servers is
allowed."
DEFVAL { {ssh, telnet, ftp, telnet6, netconf, grpc} }
::= { tmnxServerAccessCtlObjs 1 }
tmnxServerAccessCtlObjsLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxServerAccessCtlObjsLstChgd indicates the
sysUpTime at the time of the last modification of
tmnxServerAccessCtlObjs.
If no changes were made to the table since the last re-initialization
of the local network management subsystem, then this object contains a
zero value."
::= { tmnxServerAccessCtlObjs 2 }
tmnxSSHKexTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHKexEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"This Table indicates the KEX algorithms allowed for SSH protocol
version 2."
::= { tmnxSecurityObjects 40 }
tmnxSSHKexEntry OBJECT-TYPE
SYNTAX TmnxSSHKexEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single KEX algorithm."
INDEX { tmnxSSHKexNumber }
::= { tmnxSSHKexTable 1 }
TmnxSSHKexEntry ::= SEQUENCE
{
tmnxSSHKexNumber TSSHKexNumber,
tmnxSSHKexName DisplayString
}
tmnxSSHKexNumber OBJECT-TYPE
SYNTAX TSSHKexNumber
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of tmnxSSHKexNumber indicates the KEX algorithm."
::= { tmnxSSHKexEntry 1 }
tmnxSSHKexName OBJECT-TYPE
SYNTAX DisplayString (SIZE (0..32))
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of tmnxSSHKexName indicates the name of the KEX algorithm."
::= { tmnxSSHKexEntry 2 }
tmnxSSHServerKexListTableLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKexListTableLstChgd indicates the
timestamp of the last change to the tmnxSSHServerKexListTable. A value
of zero indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxSecurityObjects 41 }
tmnxSSHServerKexListTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHServerKexListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to configure the ordered list of KEXs allowed for SSH protocol
version 2 by the SSH server."
::= { tmnxSecurityObjects 42 }
tmnxSSHServerKexListEntry OBJECT-TYPE
SYNTAX TmnxSSHServerKexListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single KEX algorithm in the KEX list."
INDEX { tmnxSSHServerKexListIndex }
::= { tmnxSSHServerKexListTable 1 }
TmnxSSHServerKexListEntry ::= SEQUENCE
{
tmnxSSHServerKexListIndex Unsigned32,
tmnxSSHServerKexListLastChanged TimeStamp,
tmnxSSHServerKexListRowStatus RowStatus,
tmnxSSHServerKexListNumber TSSHKexNumber
}
tmnxSSHServerKexListIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKexListIndex specifies the
position of this KEX in the KEX list."
::= { tmnxSSHServerKexListEntry 1 }
tmnxSSHServerKexListLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKexListLastChanged is the
timestamp of last change to this entry."
::= { tmnxSSHServerKexListEntry 2 }
tmnxSSHServerKexListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKexListRowStatus specifies the
row status of this entry. Only values 'active(1)', 'createAndGo(4)'
and 'destroy(6)' are supported."
::= { tmnxSSHServerKexListEntry 3 }
tmnxSSHServerKexListNumber OBJECT-TYPE
SYNTAX TSSHKexNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxSSHServerKexListNumber specifies the KEX
algorithm."
::= { tmnxSSHServerKexListEntry 4 }
tmnxSSHClientKexListTableLstChgd OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKexListTableLstChgd indicates the
timestamp of the last change to the tmnxSSHServerKexListTable. A value
of zero indicates that no changes were made to this table since the
system was last initialized."
::= { tmnxSecurityObjects 43 }
tmnxSSHClientKexListTable OBJECT-TYPE
SYNTAX SEQUENCE OF TmnxSSHClientKexListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table to configure the ordered list of KEXs allowed for SSH protocol
version 2 by the SSH client."
::= { tmnxSecurityObjects 44 }
tmnxSSHClientKexListEntry OBJECT-TYPE
SYNTAX TmnxSSHClientKexListEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Information about a single KEX algorithm in the KEX list."
INDEX { tmnxSSHClientKexListIndex }
::= { tmnxSSHClientKexListTable 1 }
TmnxSSHClientKexListEntry ::= SEQUENCE
{
tmnxSSHClientKexListIndex Unsigned32,
tmnxSSHClientKexListLastChanged TimeStamp,
tmnxSSHClientKexListRowStatus RowStatus,
tmnxSSHClientKexListNumber TSSHKexNumber
}
tmnxSSHClientKexListIndex OBJECT-TYPE
SYNTAX Unsigned32 (1..255)
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKexListIndex specifies the
position of this KEX in the KEX list."
::= { tmnxSSHClientKexListEntry 1 }
tmnxSSHClientKexListLastChanged OBJECT-TYPE
SYNTAX TimeStamp
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKexListLastChanged is the
timestamp of last change to this entry."
::= { tmnxSSHClientKexListEntry 2 }
tmnxSSHClientKexListRowStatus OBJECT-TYPE
SYNTAX RowStatus
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKexListRowStatus specifies the
row status of this entry. Only values 'active(1)', 'createAndGo(4)'
and 'destroy(6)' are supported."
::= { tmnxSSHClientKexListEntry 3 }
tmnxSSHClientKexListNumber OBJECT-TYPE
SYNTAX TSSHKexNumber
MAX-ACCESS read-create
STATUS current
DESCRIPTION
"The value of the object tmnxSSHClientKexListNumber specifies the KEX
algorithm."
::= { tmnxSSHClientKexListEntry 4 }
tmnxSecurityConformance OBJECT IDENTIFIER ::= { tmnxSRConfs 22 }
tmnxSecurityCompliances OBJECT IDENTIFIER ::= { tmnxSecurityConformance 1 }
tmnxSecurity7450V4v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7450 ESS series systems release R4.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserGroup,
tmnxSecurityMafR2r1Group,
tmnxSecurityPasswordsR2r1Group,
tmnxSecurityRadiusV4v0Group,
tmnxSecurityTacPlusV4v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV3v0r2Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationGroup,
tmnxSecuritySourceIpV4v0Group
}
::= { tmnxSecurityCompliances 5 }
tmnxSecurity7750V4v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7750 SR series systems release R4.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV4v0Group,
tmnxSecurityMafR2r1Group,
tmnxSecurityPasswordsR2r1Group,
tmnxSecurityRadiusV4v0Group,
tmnxSecurityTacPlusV4v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV3v0r2Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationGroup,
tmnxSecuritySourceIpV4v0Group
}
::= { tmnxSecurityCompliances 6 }
tmnxSecurity7450V5v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7450 ESS series systems release R5.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV4v0Group,
tmnxSecurityMafR2r1Group,
tmnxSecurityPasswordsR2r1Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV5v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityRadiusAuthV5v0Group
}
::= { tmnxSecurityCompliances 7 }
tmnxSecurity7750V5v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7750/7710 SR series systems release R5.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV4v0Group,
tmnxSecurityMafR2r1Group,
tmnxSecurityPasswordsR2r1Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV5v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityRadiusAuthV5v0Group
}
::= { tmnxSecurityCompliances 8 }
tmnxSecurity7450V6v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7450 ESS series systems release R6.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV6v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup
}
::= { tmnxSecurityCompliances 9 }
tmnxSecurity7750V6v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7750/7710 SR series systems release R6.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV6v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup
}
::= { tmnxSecurityCompliances 10 }
tmnxSecurity7450V6v1Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7450 ESS series systems release R6.1."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV6v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup
}
::= { tmnxSecurityCompliances 11 }
tmnxSecurity7750V6v1Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7750/7710 SR series systems release R6.1."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV6v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup
}
::= { tmnxSecurityCompliances 12 }
tmnxSecurity7450V7v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7450 ESS series systems release R7.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV6v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group
}
::= { tmnxSecurityCompliances 13 }
tmnxSecurity7750V7v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7750/7710 SR series systems release R7.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV6v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp
}
::= { tmnxSecurityCompliances 14 }
tmnxSecurity7450V8v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7450 ESS series systems release R8.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp
}
::= { tmnxSecurityCompliances 15 }
tmnxSecurity7710V8v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7710 SR series systems release R8.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityLiGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp
}
::= { tmnxSecurityCompliances 16 }
tmnxSecurity7750V8v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7750 SR series systems release R8.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp
}
::= { tmnxSecurityCompliances 17 }
tmnxSecurity7450V9v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7450 ESS series systems release R9.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group
}
::= { tmnxSecurityCompliances 18 }
tmnxSecurity7710V9v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7710 SR series systems release R9.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityLiGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup
}
::= { tmnxSecurityCompliances 19 }
tmnxSecurity7750V9v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7750 SR series systems release R9.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group
}
::= { tmnxSecurityCompliances 20 }
tmnxSecurity7450V10v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7450 ESS series systems release R10.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityUserActionGroup,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxCertNotifyGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group,
tmnxCpmFltrPrefixListV10v0Group,
tmnxSecTechGroup
}
::= { tmnxSecurityCompliances 21 }
tmnxSecurity7710V10v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7710 SR series systems release R10.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityUserActionGroup,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityLiGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxCertNotifyGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxCpmFltrPrefixListV10v0Group,
tmnxSecTechGroup
}
::= { tmnxSecurityCompliances 22 }
tmnxSecurity7750V10v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
7750 SR series systems release R10.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV6v0Group,
tmnxSecurityUserActionGroup,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV5v0Group,
tmnxSecurityCpmIPv6FilterV4v0Group,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxCertNotifyGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group,
tmnxCpmFltrPrefixListV10v0Group,
tmnxSecTechGroup
}
::= { tmnxSecurityCompliances 23 }
tmnxSecurityV11v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
SR series systems release R11.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserActionGroup,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV6v0Group,
tmnxSecurityPasswordsV11v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityTacPlusV11v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV11v0Grp,
tmnxSecurityCpmIPv6FltrV11v0Grp,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxCertNotifyGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxRadiusUserExV11v0Group,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group,
tmnxCAProfileV11v0Group,
tmnxCpmFltrPrefixListV11v0Group,
tmnxPkiCAProfNotifyV11v0Group,
tmnxDistCpuProtectionV11v0Group,
tmnxSecurityUserV12v0Group,
tmnxCpmProtectionV11v0Group,
tmnxSecTechGroup,
tmnxSecurityNetconfV110Group,
tCAProfCmpv2SetSndrV11v0Group
}
::= { tmnxSecurityCompliances 24 }
tmnxSecurityV12v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
SR series systems release R12.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV12v0Group,
tmnxSecurityUserActionGroup,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV12v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityTacPlusV11v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV11v0Grp,
tmnxSecurityCpmIPv6FltrV11v0Grp,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityKeyChainV12v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxSecurityNotifyObjsV12v0Group,
tmnxSecurityNotificationV12v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxCertNotifyGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxRadiusUserExV11v0Group,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group,
tmnxCAProfileV11v0Group,
tmnxCpmFltrPrefixListV11v0Group,
tmnxPkiCAProfNotifyV11v0Group,
tmnxDistCpuProtectionV11v0Group,
tmnxCpmProtectionV11v0Group,
tmnxSecurityCpmProtV12v0Group,
tmnxSecCpmProtNotifyV12v0Grp,
tmnxSecCpmProtNotifyObjsV12v0Grp,
tmnxSecTechGroup,
tmnxSecurityNetconfV110Group,
tmnxChainSecurityNotifyObjsGroup,
tCAProfCmpv2SetSndrV11v0Group,
tmnxSecurityPublicKeyGroup,
tmnxSecuritySSHCipherGroup,
tCAProfCmpv2HttpVerV12v0Group,
tmnxPkiCertDispFmtV12v0Group,
tmnxSecurityProfRateV12v0Group,
tmnxSecCpmProtProtocolV12v0Group,
tmnxPkiCAProfRevokeChkGroup,
tmnxSecPwdHistNotifyObjsV12v0Grp,
tmnxSecPwdHistNotifV12v0Grp
}
::= { tmnxSecurityCompliances 25 }
tmnxSecurityV13v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
SR series systems release R13.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV12v0Group,
tmnxSecurityUserActionGroup,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV12v0Group,
tmnxSecurityRadiusV5v0Group,
tmnxSecurityTacPlusV8v0Group,
tmnxSecurityTacPlusV11v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV11v0Grp,
tmnxSecurityCpmIPv6FltrV11v0Grp,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityKeyChainV12v0Group,
tmnxSecurityKeyChainV13v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxSecurityNotifyObjsV12v0Group,
tmnxSecurityNotificationV12v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxCertNotifyGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxRadiusUserExV11v0Group,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group,
tmnxCAProfileV11v0Group,
tmnxCpmFltrPrefixListV11v0Group,
tmnxPkiCAProfNotifyV11v0Group,
tmnxDistCpuProtectionV11v0Group,
tmnxCpmProtectionV11v0Group,
tmnxSecurityCpmProtV12v0Group,
tmnxSecCpmProtNotifyV12v0Grp,
tmnxSecCpmProtNotifyObjsV12v0Grp,
tmnxSecTechGroup,
tmnxSecurityNetconfV110Group,
tmnxChainSecurityNotifyObjsGroup,
tCAProfCmpv2SetSndrV11v0Group,
tmnxSecurityPublicKeyGroup,
tmnxSecuritySSHCipherGroup,
tCAProfCmpv2HttpVerV12v0Group,
tmnxPkiCertDispFmtV12v0Group,
tmnxSecurityProfRateV12v0Group,
tmnxSecCpmProtProtocolV12v0Group,
tmnxPkiCAProfRevokeChkGroup,
tmnxPkiCAProf13v0Group,
tmnxCliScriptAuthUserV13v0Group,
tmnxSecurityNotifyObjsV13v0Group,
tmnxCertExpNotificationV13v0Grp,
tmnxCertExpWarningV13v0Group,
tmnxSecurityRadiusV13v0Group,
tmnxSecCertRldNotifyObjsV13v0Grp,
tmnxCertRldNotificationV13v0Grp,
tmnxPkiCAProfAtCrlUpdV13v0Group,
tmnxCliSessionGroupV13v0Group,
tmnxSecPwdHistNotifyObjsV12v0Grp,
tmnxSecPwdHistNotifV12v0Grp,
tmnxSecVsdGroup,
tmnxSessLimNotifyV13v0Grp
}
::= { tmnxSecurityCompliances 26 }
tmnxSecurityV14v0Compliance MODULE-COMPLIANCE
STATUS obsolete
DESCRIPTION
"The compliance statement for management of security features on Nokia
SR series systems release R14.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserV12v0Group,
tmnxSecurityUserActionGroup,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV12v0Group,
tmnxSecurityRadiusV14v0Group,
tmnxSecurityTacPlusV11v0Group,
tmnxSecurityTacPlusV14v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV11v0Grp,
tmnxSecurityCpmIPv6FltrV11v0Grp,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityKeyChainV12v0Group,
tmnxSecurityKeyChainV13v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxSecurityNotifyObjsV12v0Group,
tmnxSecurityNotificationV12v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxCertNotifyGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxRadiusUserExV11v0Group,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group,
tmnxCAProfileV11v0Group,
tmnxCpmFltrPrefixListV11v0Group,
tmnxPkiCAProfNotifyV11v0Group,
tmnxDistCpuProtectionV11v0Group,
tmnxCpmProtectionV11v0Group,
tmnxSecurityCpmProtV12v0Group,
tmnxSecCpmProtNotifyV12v0Grp,
tmnxSecCpmProtNotifyObjsV12v0Grp,
tmnxSecTechGroup,
tmnxSecurityNetconfV110Group,
tmnxChainSecurityNotifyObjsGroup,
tCAProfCmpv2SetSndrV11v0Group,
tmnxSecurityPublicKeyGroup,
tmnxSecuritySSHCipherGroup,
tCAProfCmpv2HttpVerV12v0Group,
tmnxPkiCertDispFmtV12v0Group,
tmnxSecurityProfRateV12v0Group,
tmnxSecCpmProtProtocolV12v0Group,
tmnxPkiCAProfRevokeChkGroup,
tmnxPkiCAProf13v0Group,
tmnxCliScriptAuthUserV13v0Group,
tmnxSecurityNotifyObjsV13v0Group,
tmnxCertExpNotificationV13v0Grp,
tmnxCertExpWarningV13v0Group,
tmnxSecurityRadiusV13v0Group,
tmnxSecCertRldNotifyObjsV13v0Grp,
tmnxCertRldNotificationV13v0Grp,
tmnxPkiCAProfAtCrlUpdV13v0Group,
tmnxCliSessionGroupV13v0Group,
tmnxSecPwdHistNotifyObjsV12v0Grp,
tmnxSecPwdHistNotifV12v0Grp,
tmnxSecVsdGroup,
tmnxSessLimNotifyV13v0Grp,
tmnxLogMaxAttNotifyV14v0Grp,
tmnxSecuritySSHv2PubKeyV14v0Grp,
tmnxPkiCAProfCrlSizeLimtV14v0Grp,
tmnxSecurityNetconfLockV14v0Grp,
tmnxSecurityPasswordsV14v0Group,
tmnxSecNotifyObjsV14v0Group,
tmnxCertNotifyV14v0Group,
tmnxSecurityGrpcV15v0Grp,
tmnxPkiCNV15v0Grp,
tmnxSecuritySSHMacListV15v0Group,
tmnxSecuritySSHKeyReExV15v0Group
}
::= { tmnxSecurityCompliances 27 }
tmnxSecurityV15v1Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of security features on Nokia
SR series systems release R15.1."
MODULE
MANDATORY-GROUPS {
tmnxSecUserV15v1Group,
tmnxCAProfileV15v1Group,
tmnxLogMaxAttNotifyV15v1Grp,
tmnxSecurityMafMacFilterGroup
}
::= { tmnxSecurityCompliances 28 }
tmnxSecurityV16v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of security features on Nokia
SR series systems release R16.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityGrpcV16v0Grp,
tmnxHashControlV16v0Group,
tmnxServerAccessCtlV16v0Group,
tmnxPkiV16v0Group,
tmnxCAProfileV16v0Group
}
::= { tmnxSecurityCompliances 29 }
tmnxSecurityV19v0Compliance MODULE-COMPLIANCE
STATUS current
DESCRIPTION
"The compliance statement for management of security features on Nokia
SR series systems release R19.0."
MODULE
MANDATORY-GROUPS {
tmnxSecurityUserActionGroup,
tmnxSecurityMafV6v0Group,
tmnxSecurityPasswordsV12v0Group,
tmnxSecurityRadiusV14v0Group,
tmnxSecurityTacPlusV11v0Group,
tmnxSecurityTacPlusV14v0Group,
tmnxSecurityServerCtlV4v0Group,
tmnxSecurityCpmGroup,
tmnxSecurityPasswordHashGroup,
tmnxSecurityCpmIpFilterV11v0Grp,
tmnxSecurityCpmIPv6FltrV11v0Grp,
tmnxSSHServerV4v0Group,
tmnxSecurityNotificationV5v0Group,
tmnxSecuritySourceIpV4v0Group,
tmnxSecurityKeyChainV5v0Group,
tmnxSecurityKeyChainV12v0Group,
tmnxSecurityKeyChainV13v0Group,
tmnxSecurityCpmProtectGroup,
tmnxSecurityLiGroup,
tmnxSecurityCpmProtNotificationGroup,
tmnxSecurityCpmMacFilterGroup,
tmnxSecurityMafMacFilterGroup,
tmnxSecurityRadiusAuthV5v0Group,
tmnxSecurityV7v0Group,
tmnxSecurityCpmProtNotifyV7v0Grp,
tmnxSecurityNotifyObjsV8v0Group,
tmnxSecurityNotificationV8v0Grp,
tmnxSecurityNotifyObjsV12v0Group,
tmnxSecurityNotificationV12v0Grp,
tmnxCpmProtEthCfmPolV8v0Grp,
tmnxCpmProtPolV8v0Grp,
tmnxCpmProtPolNotifyV8v0Grp,
tmnxSecPkiV9v0Grp,
tmnxSecurityNwExceptionsGroup,
tmnxCertNotifyGroup,
tmnxRadiusUserGroup,
tmnxRadiusUserExGroup,
tmnxRadiusUserExV11v0Group,
tmnxCpmProtExcdSapIpV9v0Group,
tmnxCpmProtPolNotifyV9v0Group,
tmnxCAProfileV11v0Group,
tmnxCpmFltrPrefixListV11v0Group,
tmnxPkiCAProfNotifyV11v0Group,
tmnxDistCpuProtectionV11v0Group,
tmnxCpmProtectionV11v0Group,
tmnxSecurityCpmProtV12v0Group,
tmnxSecCpmProtNotifyV12v0Grp,
tmnxSecCpmProtNotifyObjsV12v0Grp,
tmnxSecTechGroup,
tmnxSecurityNetconfV110Group,
tmnxChainSecurityNotifyObjsGroup,
tCAProfCmpv2SetSndrV11v0Group,
tmnxSecurityPublicKeyGroup,
tmnxSecuritySSHCipherGroup,
tCAProfCmpv2HttpVerV12v0Group,
tmnxPkiCertDispFmtV12v0Group,
tmnxSecurityProfRateV12v0Group,
tmnxSecCpmProtProtocolV12v0Group,
tmnxPkiCAProfRevokeChkGroup,
tmnxPkiCAProf13v0Group,
tmnxCliScriptAuthUserV13v0Group,
tmnxSecurityNotifyObjsV13v0Group,
tmnxCertExpNotificationV13v0Grp,
tmnxCertExpWarningV13v0Group,
tmnxSecurityRadiusV13v0Group,
tmnxSecCertRldNotifyObjsV13v0Grp,
tmnxCertRldNotificationV13v0Grp,
tmnxPkiCAProfAtCrlUpdV13v0Group,
tmnxCliSessionGroupV13v0Group,
tmnxSecPwdHistNotifyObjsV12v0Grp,
tmnxSecPwdHistNotifV12v0Grp,
tmnxSecVsdGroup,
tmnxSessLimNotifyV13v0Grp,
tmnxLogMaxAttNotifyV14v0Grp,
tmnxSecuritySSHv2PubKeyV14v0Grp,
tmnxPkiCAProfCrlSizeLimtV14v0Grp,
tmnxSecurityNetconfLockV14v0Grp,
tmnxSecurityPasswordsV14v0Group,
tmnxSecNotifyObjsV14v0Group,
tmnxCertNotifyV14v0Group,
tmnxSecurityGrpcV15v0Grp,
tmnxPkiCNV15v0Grp,
tmnxSecuritySSHMacListV15v0Group,
tmnxSecuritySSHKeyReExV15v0Group,
tmnxSecUserV19v0Group,
tmnxSecuritySSHKexListV19v0Group
}
::= { tmnxSecurityCompliances 30 }
tmnxSecurityGroups OBJECT IDENTIFIER ::= { tmnxSecurityConformance 2 }
tmnxSecurityUserGroup OBJECT-GROUP
OBJECTS {
tmnxUserProfileRowStatus,
tmnxUserProfileDefaultAction,
tmnxUserProfileMatchRowStatus,
tmnxUserProfileMatchDescription,
tmnxUserProfileMatchAction,
tmnxUserProfileMatchString,
tmnxUserRowStatus,
tmnxUserPassword,
tmnxUserPasswordEncrypted,
tmnxUserAccess,
tmnxUserHomeDirectory,
tmnxUserRestrictedToHome,
tmnxUserConsoleLoginExecFile,
tmnxUserConsoleCannotChangePswd,
tmnxUserConsoleNewPswdAtLogin,
tmnxUserConsoleMemberProfile1,
tmnxUserConsoleMemberProfile2,
tmnxUserConsoleMemberProfile3,
tmnxUserConsoleMemberProfile4,
tmnxUserConsoleMemberProfile5,
tmnxUserConsoleMemberProfile6,
tmnxUserConsoleMemberProfile7,
tmnxUserConsoleMemberProfile8,
tmnxUserAttemptedLogins,
tmnxUserSuccessfulLogins,
tmnxUserPasswordChanged
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of user security
capabilities on Nokia SROS series systems."
::= { tmnxSecurityGroups 1 }
tmnxSecurityMafR2r1Group OBJECT-GROUP
OBJECTS {
tmnxMafRowStatus,
tmnxMafDefaultAction,
tmnxMafAdminState,
tmnxMafMatchRowStatus,
tmnxMafMatchLastChanged,
tmnxMafMatchAction,
tmnxMafMatchDescription,
tmnxMafMatchSrcIpAddr,
tmnxMafMatchSrcIpMask,
tmnxMafMatchSrcPortType,
tmnxMafMatchSrcPortId,
tmnxMafMatchDestPort,
tmnxMafMatchDestPortMask,
tmnxMafMatchProtocol,
tmnxMafMatchCount,
tmnxMafMatchRouter,
tmnxMafMatchLog
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of Management Access
Filters (MAF) capabilities on Nokia SROS series systems release 2.1."
::= { tmnxSecurityGroups 6 }
tmnxSecurityPasswordsR2r1Group OBJECT-GROUP
OBJECTS {
tmnxPasswordAging,
tmnxPasswordMinLength,
tmnxPasswordComplexity,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsTime,
tmnxPasswordAttemptsLockoutPeriod,
tmnxPasswordAuthenOrder1,
tmnxPasswordAuthenOrder2,
tmnxPasswordAuthenOrder3,
tmnxPasswordAuthenExitOnReject,
tmnxAdminPassword,
tmnxAdminPasswordEncrypted,
tmnxPasswordHealthCheck
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of passwords on Nokia SROS
series systems."
::= { tmnxSecurityGroups 7 }
tmnxSecurityCpmGroup OBJECT-GROUP
OBJECTS {
tmnxCpmPerPeerQueuing,
tmnxCpmQueuesTotal,
tmnxCpmQueuesInUse
}
STATUS current
DESCRIPTION
"The group of objects supporting CPM security capabilities for revision
2.1 on Nokia SROS series systems."
::= { tmnxSecurityGroups 11 }
tmnxSecurityPasswordHashGroup OBJECT-GROUP
OBJECTS {
tmnxPassHashReadVersion,
tmnxPassHashWriteVersion
}
STATUS current
DESCRIPTION
"The group of objects supporting password hashing capabilities for
revision 2.1 on Nokia SROS series systems."
::= { tmnxSecurityGroups 12 }
tmnxSecurityNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxSSHServerPreserveKeyFail
}
STATUS obsolete
DESCRIPTION
"The group of notifications supporting security in revision 3.0 on
Nokia SROS series systems."
::= { tmnxSecurityGroups 14 }
tmnxSecurityCpmIpFilterV3v0r2Group OBJECT-GROUP
OBJECTS {
tCpmFilterQueueRowStatus,
tCpmFilterQueueLastChanged,
tCpmFilterQueueAdminPIR,
tCpmFilterQueueAdminCIR,
tCpmFilterQueueCBS,
tCpmFilterQueueMBS,
tCpmFilterQueueReferences,
tCpmFilterDefaultAction,
tCpmIpFilterAdminState,
tCpmIpFilterEntryRowStatus,
tCpmIpFilterEntryLastChanged,
tCpmIpFilterEntryLogId,
tCpmIpFilterEntryDescription,
tCpmIpFilterEntryAction,
tCpmIpFilterEntryQueueId,
tCpmIpFilterEntrySrcIPAddr,
tCpmIpFilterEntrySrcIPMask,
tCpmIpFilterEntryDestIPAddr,
tCpmIpFilterEntryDestIPMask,
tCpmIpFilterEntryProtocol,
tCpmIpFilterEntrySrcPort,
tCpmIpFilterEntrySrcPortMask,
tCpmIpFilterEntryDestPort,
tCpmIpFilterEntryDestPortMask,
tCpmIpFilterEntryDSCP,
tCpmIpFilterEntryFragment,
tCpmIpFilterEntryOptionPresent,
tCpmIpFilterEntryIPOptionValue,
tCpmIpFilterEntryIPOptionMask,
tCpmIpFilterEntryMultipleOption,
tCpmIpFilterEntryTcpSyn,
tCpmIpFilterEntryTcpAck,
tCpmIpFilterEntryIcmpCode,
tCpmIpFilterEntryIcmpType,
tCpmIpFilterEntryVRtrId,
tCpmIpFilterEntryLogCreated,
tCpmIpFilterStatsDroppedPkts,
tCpmIpFilterStatsForwardedPkts,
tCpmFilterQInProfileDropPkts,
tCpmFilterQInProfileFwdPkts,
tCpmFilterQInProfileDropOctets,
tCpmFilterQInProfileFwdOctets,
tCpmFilterQOutProfileDropPkts,
tCpmFilterQOutProfileFwdPkts,
tCpmFilterQOutProfileDropOctets,
tCpmFilterQOutProfileFwdOctets
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting the CPM hardware filter capabilities
for revision 3.0r2 on Nokia SROS series systems."
::= { tmnxSecurityGroups 17 }
tmnxSecurityCpmIPv6FilterV4v0Group OBJECT-GROUP
OBJECTS {
tCpmIPv6FilterEntryRowStatus,
tCpmIPv6FilterEntryLastChanged,
tCpmIPv6FilterEntryLogId,
tCpmIPv6FilterEntryDescription,
tCpmIPv6FilterEntryAction,
tCpmIPv6FilterEntryQueueId,
tCpmIPv6FilterEntrySrcIPAddr,
tCpmIPv6FilterEntrySrcIPMask,
tCpmIPv6FilterEntryDestIPAddr,
tCpmIPv6FilterEntryDestIPMask,
tCpmIPv6FilterEntryNextHeader,
tCpmIPv6FilterEntrySrcPort,
tCpmIPv6FilterEntrySrcPortMask,
tCpmIPv6FilterEntryDestPort,
tCpmIPv6FilterEntryDestPortMask,
tCpmIPv6FilterEntryDSCP,
tCpmIPv6FilterEntryTcpSyn,
tCpmIPv6FilterEntryTcpAck,
tCpmIPv6FilterEntryIcmpCode,
tCpmIPv6FilterEntryIcmpType,
tCpmIPv6FilterEntryVRtrId,
tCpmIPv6FilterEntryLogCreated,
tCpmIPv6FilterEntryFlowLabel,
tCpmIPv6FilterStatsDroppedPkts,
tCpmIPv6FilterStatsForwardedPkts,
tCpmIPv6FilterAdminState
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting the CPM hardware filter IPv6
capabilities for revision 4.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 18 }
tmnxSecurityServerCtlV4v0Group OBJECT-GROUP
OBJECTS {
tmnxEnableServers,
tmnxTelnetServerOperStatus,
tmnxSSHServerOperStatus,
tmnxFTPServerOperStatus,
tmnxTelnet6ServerOperStatus
}
STATUS current
DESCRIPTION
"The group of objects supporting management of TELNET/SSH/FTP
capabilities for revision 4.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 19 }
tmnxSSHServerV4v0Group OBJECT-GROUP
OBJECTS {
tmnxSSHServerPreserveKey,
tmnxSSHServerVersion
}
STATUS current
DESCRIPTION
"The group of objects supporting management of SSH capabilities for
revision 4.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 20 }
tmnxSecuritySourceIpV4v0Group OBJECT-GROUP
OBJECTS {
tmnxSourceIPRowStatus,
tmnxSourceIPAddressType,
tmnxSourceIPAddress,
tmnxSourceIPIfIndex,
tmnxSourceIPOperStatus
}
STATUS current
DESCRIPTION
"The group of objects supporting management of application source IP
address override capabilities for revision 4.0 on Nokia SROS series
systems."
::= { tmnxSecurityGroups 21 }
tmnxSecurityRadiusV4v0Group OBJECT-GROUP
OBJECTS {
tmnxRadiusAdminStatus,
tmnxRadiusAccounting,
tmnxRadiusAuthorization,
tmnxRadiusRetryAttempts,
tmnxRadiusTimeout,
tmnxRadiusPort,
tmnxRadiusServerAddress,
tmnxRadiusServerSecret,
tmnxRadiusServerOperStatus,
tmnxRadiusServerRowStatus,
tmnxRadiusConfigured,
tmnxRadiusPEDiscovery,
tmnxRadiusPEDiscoveryPassword,
tmnxRadiusPEDiscoveryInterval,
tmnxRadiusPEForceDiscovery,
tmnxRadiusPEForceDiscoverySvcId,
tmnxRadiusAccountingPort
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of RADIUS capabilities for
revision 4.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 22 }
tmnxSecurityTacPlusV4v0Group OBJECT-GROUP
OBJECTS {
tmnxTacPlusAdminStatus,
tmnxTacPlusTimeout,
tmnxTacPlusServerAddress,
tmnxTacPlusServerSecret,
tmnxTacPlusServerRowStatus,
tmnxTacPlusServerOperStatus,
tmnxTacPlusAccounting,
tmnxTacPlusAcctRecType,
tmnxTacPlusAuthorization,
tmnxTacPlusSingleConnection,
tmnxTacPlusConfigured,
tmnxTacplusUseTemplate
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of TACACS+ capabilities for
revision 4.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 23 }
tmnxSecurityObsoleteGroup OBJECT-GROUP
OBJECTS {
tmnxRadiusSourceAddress,
tmnxTacPlusServerAddress,
tmnxTacPlusSourceAddress,
tmnxRadiusPEDiscovery,
tmnxRadiusPEDiscoveryPassword,
tmnxRadiusPEDiscoveryInterval,
tmnxRadiusServerAddress,
tmnxPasswordComplexity
}
STATUS current
DESCRIPTION
"The group of objects in TIMETRA-SECURITY-MIB which are obsoleted."
::= { tmnxSecurityGroups 24 }
tmnxSecurityUserV4v0Group OBJECT-GROUP
OBJECTS {
tmnxUserProfileRowStatus,
tmnxUserProfileDefaultAction,
tmnxUserProfileMatchRowStatus,
tmnxUserProfileMatchDescription,
tmnxUserProfileMatchAction,
tmnxUserProfileMatchString,
tmnxUserRowStatus,
tmnxUserPassword,
tmnxUserPasswordEncrypted,
tmnxUserAccess,
tmnxUserHomeDirectory,
tmnxUserRestrictedToHome,
tmnxUserConsoleLoginExecFile,
tmnxUserConsoleCannotChangePswd,
tmnxUserConsoleNewPswdAtLogin,
tmnxUserConsoleMemberProfile1,
tmnxUserConsoleMemberProfile2,
tmnxUserConsoleMemberProfile3,
tmnxUserConsoleMemberProfile4,
tmnxUserConsoleMemberProfile5,
tmnxUserConsoleMemberProfile6,
tmnxUserConsoleMemberProfile7,
tmnxUserConsoleMemberProfile8,
tmnxUserAttemptedLogins,
tmnxUserSuccessfulLogins,
tmnxUserPasswordChanged,
tmnxTemplateAccess,
tmnxTemplateHomeDirectory,
tmnxTemplateRestrictedToHome,
tmnxTemplateConsoleLoginExecFile
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of user security
capabilities on Nokia SROS series systems."
::= { tmnxSecurityGroups 25 }
tmnxSecurityKeyChainV5v0Group OBJECT-GROUP
OBJECTS {
tmnxKeyChainRowStatus,
tmnxKeyChainDescription,
tmnxKeyChainReceiveTcpOptionNum,
tmnxKeyChainSendTcpOptionNum,
tmnxKeyChainAdminState,
tmnxKeyChainOperState,
tmnxKeyChainKeyRowStatus,
tmnxKeyChainAuthenticationKey,
tmnxKeyChainKeyAlgorithm,
tmnxKeyChainKeyBeginTime,
tmnxKeyChainKeyEndTime,
tmnxKeyChainKeyTolerance,
tmnxKeyChainKeyAdminState
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Keychain capabilities
for revision 5.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 26 }
tmnxSecurityRadiusV5v0Group OBJECT-GROUP
OBJECTS {
tmnxRadiusAdminStatus,
tmnxRadiusAccounting,
tmnxRadiusAuthorization,
tmnxRadiusTimeout,
tmnxRadiusPort,
tmnxRadiusServerSecret,
tmnxRadiusServerOperStatus,
tmnxRadiusServerRowStatus,
tmnxRadiusRetryAttempts,
tmnxRadiusConfigured,
tmnxRadiusPEForceDiscovery,
tmnxRadiusPEForceDiscoverySvcId,
tmnxRadiusAccountingPort,
tmnxRadiusServerInetAddressType,
tmnxRadiusServerInetAddress,
tmnxRadiusUseTemplate
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of RADIUS capabilities for
revision 5.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 27 }
tmnxSecurityTacPlusV5v0Group OBJECT-GROUP
OBJECTS {
tmnxTacPlusAdminStatus,
tmnxTacPlusTimeout,
tmnxTacPlusServerSecret,
tmnxTacPlusServerRowStatus,
tmnxTacPlusServerOperStatus,
tmnxTacPlusAccounting,
tmnxTacPlusAcctRecType,
tmnxTacPlusAuthorization,
tmnxTacPlusSingleConnection,
tmnxTacPlusConfigured,
tmnxTacplusUseTemplate,
tmnxTacPlusServerInetAddressType,
tmnxTacPlusServerInetAddress
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of TACACS+ capabilities for
revision 5.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 28 }
tmnxSecurityCpmIpFilterV5v0Group OBJECT-GROUP
OBJECTS {
tCpmFilterQueueRowStatus,
tCpmFilterQueueLastChanged,
tCpmFilterQueueAdminPIR,
tCpmFilterQueueAdminCIR,
tCpmFilterQueueCBS,
tCpmFilterQueueMBS,
tCpmFilterQueueReferences,
tCpmFilterQueueOperPIR,
tCpmFilterQueueOperCIR,
tCpmFilterDefaultAction,
tCpmIpFilterAdminState,
tCpmIpFilterEntryRowStatus,
tCpmIpFilterEntryLastChanged,
tCpmIpFilterEntryLogId,
tCpmIpFilterEntryDescription,
tCpmIpFilterEntryAction,
tCpmIpFilterEntryQueueId,
tCpmIpFilterEntrySrcIPAddr,
tCpmIpFilterEntrySrcIPMask,
tCpmIpFilterEntryDestIPAddr,
tCpmIpFilterEntryDestIPMask,
tCpmIpFilterEntryProtocol,
tCpmIpFilterEntrySrcPort,
tCpmIpFilterEntrySrcPortMask,
tCpmIpFilterEntryDestPort,
tCpmIpFilterEntryDestPortMask,
tCpmIpFilterEntryDSCP,
tCpmIpFilterEntryFragment,
tCpmIpFilterEntryOptionPresent,
tCpmIpFilterEntryIPOptionValue,
tCpmIpFilterEntryIPOptionMask,
tCpmIpFilterEntryMultipleOption,
tCpmIpFilterEntryTcpSyn,
tCpmIpFilterEntryTcpAck,
tCpmIpFilterEntryIcmpCode,
tCpmIpFilterEntryIcmpType,
tCpmIpFilterEntryVRtrId,
tCpmIpFilterEntryLogCreated,
tCpmIpFilterStatsDroppedPkts,
tCpmIpFilterStatsForwardedPkts,
tCpmFilterQInProfileDropPkts,
tCpmFilterQInProfileFwdPkts,
tCpmFilterQInProfileDropOctets,
tCpmFilterQInProfileFwdOctets,
tCpmFilterQOutProfileDropPkts,
tCpmFilterQOutProfileFwdPkts,
tCpmFilterQOutProfileDropOctets,
tCpmFilterQOutProfileFwdOctets
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting the CPM hardware filter capabilities
for revision 5.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 29 }
tmnxSecurityNotificationV5v0Group NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxSSHServerPreserveKeyFail,
tmnxKeyChainAuthFailure
}
STATUS current
DESCRIPTION
"The group of notifications supporting security in revision 5.0 on
Nokia SROS series systems."
::= { tmnxSecurityGroups 30 }
tmnxSecurityNotifyObjsGroup OBJECT-GROUP
OBJECTS {
tmnxKeyChainAuthFailReason,
tmnxKeyChainAuthAddrType,
tmnxKeyChainAuthAddr
}
STATUS current
DESCRIPTION
"The group of objects supporting security notifications on Nokia SROS
series systems 5.0 release."
::= { tmnxSecurityGroups 31 }
tmnxSecurityTacPlusV6v0Group OBJECT-GROUP
OBJECTS {
tmnxTacPlusAdminStatus,
tmnxTacPlusTimeout,
tmnxTacPlusServerSecret,
tmnxTacPlusServerRowStatus,
tmnxTacPlusServerOperStatus,
tmnxTacPlusAccounting,
tmnxTacPlusAcctRecType,
tmnxTacPlusAuthorization,
tmnxTacPlusSingleConnection,
tmnxTacPlusConfigured,
tmnxTacplusUseTemplate,
tmnxTacPlusServerInetAddressType,
tmnxTacPlusServerInetAddress,
tmnxTacPlusServerPort
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of TACACS+ capabilities for
revision 6.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 32 }
tmnxSecurityPasswordsV6v0Group OBJECT-GROUP
OBJECTS {
tmnxPasswordAging,
tmnxPasswordMinLength,
tmnxPasswordComplexity,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsTime,
tmnxPasswordAttemptsLockoutPeriod,
tmnxPasswordAuthenOrder1,
tmnxPasswordAuthenOrder2,
tmnxPasswordAuthenOrder3,
tmnxPasswordAuthenExitOnReject,
tmnxAdminPassword,
tmnxAdminPasswordEncrypted,
tmnxPasswordHealthCheck,
tmnxPasswordHealthCheckInterval
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of passwords on Nokia SROS
series systems."
::= { tmnxSecurityGroups 33 }
tmnxSecurityMafV6v0Group OBJECT-GROUP
OBJECTS {
tmnxGenMafTableLastChanged,
tmnxMafIPMatchTableLastChanged,
tmnxGenMafLastModified,
tmnxGenMafRowStatus,
tmnxGenMafAdminState,
tmnxGenMafDefaultAction,
tmnxIPMafMatchRowStatus,
tmnxIPMafMatchLastChanged,
tmnxIPMafMatchAction,
tmnxIPMafMatchDescription,
tmnxIPMafMatchSrcIpAddrType,
tmnxIPMafMatchSrcIpAddr,
tmnxIPMafMatchSrcIpMask,
tmnxIPMafMatchSrcPortType,
tmnxIPMafMatchSrcPortId,
tmnxIPMafMatchDestPort,
tmnxIPMafMatchDestPortMask,
tmnxIPMafMatchProtNxtHdr,
tmnxIPMafMatchCount,
tmnxIPMafMatchRouter,
tmnxIPMafMatchFlowLabel,
tmnxIPMafMatchLog
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Management Access
Filters (MAF) capabilities on Nokia SROS series systems release 6.0"
::= { tmnxSecurityGroups 34 }
tmnxObsoletedObjectsV6v0Group OBJECT-GROUP
OBJECTS {
tmnxMafRowStatus,
tmnxMafDefaultAction,
tmnxMafAdminState,
tmnxMafMatchRowStatus,
tmnxMafMatchLastChanged,
tmnxMafMatchAction,
tmnxMafMatchDescription,
tmnxMafMatchSrcIpAddr,
tmnxMafMatchSrcIpMask,
tmnxMafMatchSrcPortType,
tmnxMafMatchSrcPortId,
tmnxMafMatchDestPort,
tmnxMafMatchDestPortMask,
tmnxMafMatchProtocol,
tmnxMafMatchCount,
tmnxMafMatchRouter,
tmnxMafMatchLog
}
STATUS current
DESCRIPTION
"The group of objects that are obsoleted in on Nokia SROS
series systems release 6.0"
::= { tmnxSecurityGroups 35 }
tmnxSecurityCpmProtectGroup OBJECT-GROUP
OBJECTS {
tmnxCpmProtPolTableLastChanged,
tmnxCpmProtPolRowStatus,
tmnxCpmProtPolLastChanged,
tmnxCpmProtPolDescription,
tmnxCpmProtPolPerSrcRateLimit,
tmnxCpmProtPolOverallRateLimit,
tmnxCpmProtPolAlarm,
tmnxCpmProtPolOutProfileRate,
tmnxCpmProtDropUncfgdProtocolMsg,
tmnxCpmProtLinkRateLimit,
tmnxCpmProtExcdTableLastChanged,
tmnxCpmProtExcdPeriods,
tmnxCpmProtExcdTime,
tmnxCpmProtExcdTimeStarted,
tmnxCpmProtViolPortTableLastChgd,
tmnxCpmProtViolPortPeriods,
tmnxCpmProtViolPortTimeStarted,
tmnxCpmProtViolPortTime,
tmnxCpmProtViolPortAggPeriods,
tmnxCpmProtViolPortAggTimeStart,
tmnxCpmProtViolPortAggTime,
tmnxCpmProtViolIfTableLastChgd,
tmnxCpmProtViolIfPeriods,
tmnxCpmProtViolIfTimeStarted,
tmnxCpmProtViolIfTime,
tmnxCpmProtViolSapTableLastChgd,
tmnxCpmProtViolSapPeriods,
tmnxCpmProtViolSapTimeStarted,
tmnxCpmProtViolSapTime,
tmnxCpmProtPortOverallRateLimit,
tmnxCpmProtDetectPeriod
}
STATUS current
DESCRIPTION
"The group of objects supporting management of CPM Protection on Nokia
SROS series systems."
::= { tmnxSecurityGroups 36 }
tmnxSecurityLiGroup OBJECT-GROUP
OBJECTS {
tmnxUserProfileLi
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Lawful Intercept (LI)
users."
::= { tmnxSecurityGroups 37 }
tmnxSecurityCpmProtNotificationGroup NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxCpmProtViolPort,
tmnxCpmProtViolPortAgg,
tmnxCpmProtViolIf,
tmnxCpmProtViolSap,
tmnxCpmProtViolMac
}
STATUS current
DESCRIPTION
"The group of notifications supporting CPM Protection on Nokia SROS
series systems."
::= { tmnxSecurityGroups 38 }
tmnxSecurityCpmProtNotificationObjsGroup OBJECT-GROUP
OBJECTS {
tmnxCpmProtViolMacAddress,
tmnxCpmProtViolMacPeriods
}
STATUS current
DESCRIPTION
"The group of objects supporting CPM Protection notifications."
::= { tmnxSecurityGroups 39 }
tmnxSecurityCpmMacFilterGroup OBJECT-GROUP
OBJECTS {
tCpmMacFilterAdminState,
tCpmMacFltrEntryRowStatus,
tCpmMacFltrEntryLastChanged,
tCpmMacFltrEntryLogId,
tCpmMacFltrEntryDescription,
tCpmMacFltrEntryAction,
tCpmMacFltrEntryQueueId,
tCpmMacFltrEntryFrameType,
tCpmMacFltrEntrySvcId,
tCpmMacFltrEntryDot1pValue,
tCpmMacFltrEntryDot1pMask,
tCpmMacFltrEntryDsap,
tCpmMacFltrEntryDsapMask,
tCpmMacFltrEntrySrcMAC,
tCpmMacFltrEntrySrcMACMask,
tCpmMacFltrEntryDstMAC,
tCpmMacFltrEntryDstMACMask,
tCpmMacFltrEntryEtherType,
tCpmMacFltrEntrySsap,
tCpmMacFltrEntrySsapMask,
tCpmMacFltrEntryCfmOpCodeOper,
tCpmMacFltrEntryCfmOpCodeValue1,
tCpmMacFltrEntryCfmOpCodeValue2,
tCpmMacFltrEntryLogCreated,
tCpmMacFilterStatsDroppedPkts,
tCpmMacFilterStatsForwardedPkts
}
STATUS current
DESCRIPTION
"The group of objects supporting the CPM hardware Mac filter
capabilities on Nokia SROS series systems."
::= { tmnxSecurityGroups 40 }
tmnxSecurityMafMacFilterGroup OBJECT-GROUP
OBJECTS {
tmnxMafMacMatchTableLastChanged,
tmnxMacMafMatchRowStatus,
tmnxMacMafMatchLastChanged,
tmnxMacMafMatchAction,
tmnxMacMafMatchDescription,
tmnxMacMafMatchLog,
tmnxMacMafMatchFrameType,
tmnxMacMafMatchSvcId,
tmnxMacMafMatchDot1pValue,
tmnxMacMafMatchDot1pMask,
tmnxMacMafMatchDsap,
tmnxMacMafMatchDsapMask,
tmnxMacMafMatchSrcMAC,
tmnxMacMafMatchSrcMACMask,
tmnxMacMafMatchDstMAC,
tmnxMacMafMatchDstMACMask,
tmnxMacMafMatchEtherType,
tmnxMacMafMatchSnapOui,
tmnxMacMafMatchSnapPid,
tmnxMacMafMatchSsap,
tmnxMacMafMatchSsapMask,
tmnxMacMafMatchCfmOpCodeOper,
tmnxMacMafMatchCfmOpCodeValue1,
tmnxMacMafMatchCfmOpCodeValue2,
tmnxMacMafMatchCount
}
STATUS current
DESCRIPTION
"The group of objects supporting the Maf Mac filter capabilities on
Nokia SROS series systems."
::= { tmnxSecurityGroups 41 }
tmnxSecurityUserV6v0Group OBJECT-GROUP
OBJECTS {
tmnxUserProfileRowStatus,
tmnxUserProfileDefaultAction,
tmnxUserProfileMatchRowStatus,
tmnxUserProfileMatchDescription,
tmnxUserProfileMatchAction,
tmnxUserProfileMatchString,
tmnxUserRowStatus,
tmnxUserPassword,
tmnxUserPasswordEncrypted,
tmnxUserAccess,
tmnxUserHomeDirectory,
tmnxUserRestrictedToHome,
tmnxUserConsoleLoginExecFile,
tmnxUserConsoleCannotChangePswd,
tmnxUserConsoleNewPswdAtLogin,
tmnxUserConsoleMemberProfile1,
tmnxUserConsoleMemberProfile2,
tmnxUserConsoleMemberProfile3,
tmnxUserConsoleMemberProfile4,
tmnxUserConsoleMemberProfile5,
tmnxUserConsoleMemberProfile6,
tmnxUserConsoleMemberProfile7,
tmnxUserConsoleMemberProfile8,
tmnxUserAttemptedLogins,
tmnxUserSuccessfulLogins,
tmnxUserPasswordChanged,
tmnxTemplateAccess,
tmnxTemplateHomeDirectory,
tmnxTemplateRestrictedToHome,
tmnxTemplateConsoleLoginExecFile,
tmnxTemplateProfile
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of user security
capabilities on Nokia SROS series systems."
::= { tmnxSecurityGroups 42 }
tmnxSecurityRadiusAuthV5v0Group OBJECT-GROUP
OBJECTS {
tmnxRadiusAuthAlgorithm
}
STATUS current
DESCRIPTION
"The group of objects supporting management of RADIUS capabilities for
revision 5.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 43 }
tmnxSecurityV7v0Group OBJECT-GROUP
OBJECTS {
tmnxCpmProtAllowShamLinkPackets,
tmnxCpmProtViolVdoSvcPeriods,
tmnxCpmProtViolVdoSvcTimeStarted,
tmnxCpmProtViolVdoSvcTime,
tmnxCpmProtViolVdoSvcVrtrIfIndex,
tmnxCpmProtViolVdoVrtrPeriods,
tmnxCpmProtViolVdoVrtrTimeStart,
tmnxCpmProtViolVdoVrtrTime,
tmnxCpmProtViolVdoVrtrSvcId,
tmnxCpmProtViolVdoVrtrIfIndex
}
STATUS current
DESCRIPTION
"The group of objects supporting management of CPM Protection on Nokia
SROS 7.0 series systems."
::= { tmnxSecurityGroups 44 }
tmnxSecurityCpmProtNotifyV7v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxCpmProtViolVdoSvcClient,
tmnxCpmProtViolVdoVrtrClient
}
STATUS current
DESCRIPTION
"The group of notifications supporting CPM Protection on Nokia SROS 7.0
series systems."
::= { tmnxSecurityGroups 45 }
tmnxSecurityTacPlusV8v0Group OBJECT-GROUP
OBJECTS {
tmnxTacPlusAdminStatus,
tmnxTacPlusTimeout,
tmnxTacPlusServerSecret,
tmnxTacPlusServerRowStatus,
tmnxTacPlusServerOperStatus,
tmnxTacPlusAccounting,
tmnxTacPlusAcctRecType,
tmnxTacPlusAuthorization,
tmnxTacPlusConfigured,
tmnxTacplusUseTemplate,
tmnxTacPlusServerInetAddressType,
tmnxTacPlusServerInetAddress,
tmnxTacPlusServerPort
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of TACACS+ capabilities on
Nokia SROS series systems."
::= { tmnxSecurityGroups 46 }
tmnxObsoletedObjectsV8v0Group OBJECT-GROUP
OBJECTS {
tmnxTacPlusSingleConnection
}
STATUS current
DESCRIPTION
"The group of objects that are made obsolete on Nokia SROS series
systems in release 8.0"
::= { tmnxSecurityGroups 47 }
tmnxSecurityNotifyObjsV8v0Group OBJECT-GROUP
OBJECTS {
tmnxMD5AuthFailReason,
tmnxMD5AuthAddrType,
tmnxMD5AuthAddr,
tmnxMD5AuthKey,
tmnxCpmProtPolId
}
STATUS current
DESCRIPTION
"The group of objects supporting security notifications in revision 8.0
on Nokia SROS series systems."
::= { tmnxSecurityGroups 48 }
tmnxSecurityNotificationV8v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxMD5AuthFailure,
tmnxCpmProtDefPolModified
}
STATUS current
DESCRIPTION
"The group of notifications supporting security in revision 8.0 on
Nokia SROS series systems."
::= { tmnxSecurityGroups 49 }
tmnxCpmProtEthCfmPolV8v0Grp OBJECT-GROUP
OBJECTS {
tmnxCpmProtEthCfmPolTableLastChg,
tmnxCpmProtEthCfmPolRowStatus,
tmnxCpmProtEthCfmPolLastChanged,
tmnxCpmProtEthCfmPolLevelSet,
tmnxCpmProtEthCfmPolOpCodeSet,
tmnxCpmProtEthCfmPolRateLimit,
tmnxCpmProtExcdSdpBindEcmTblLChg,
tmnxCpmProtExcdSdpBindEcmPeriods,
tmnxCpmProtExcdSdpBindEcmStarted,
tmnxCpmProtExcdSdpBindEcmTime,
tmnxCpmProtExcdSapEcmTblLChg,
tmnxCpmProtExcdSapEcmPeriods,
tmnxCpmProtExcdSapEcmStarted,
tmnxCpmProtExcdSapEcmTime
}
STATUS current
DESCRIPTION
"The group of objects supporting CPM protection policies for Ethernet
CFM packets in revision 8.0 R5 on Nokia SROS systems."
::= { tmnxSecurityGroups 50 }
tmnxCpmProtPolV8v0Grp OBJECT-GROUP
OBJECTS {
tmnxCpmProtViolSdpBindTblLastChg,
tmnxCpmProtViolSdpBindPeriods,
tmnxCpmProtViolSdpBindTimeStartd,
tmnxCpmProtViolSdpBindTime,
tmnxCpmProtExcdSdpBindTblLastChg,
tmnxCpmProtExcdSdpBindPeriods,
tmnxCpmProtExcdSdpBindTimeStartd,
tmnxCpmProtExcdSdpBindTime
}
STATUS current
DESCRIPTION
"The group of objects supporting CPM protection policies in revision
8.0 R5 on Nokia SROS systems."
::= { tmnxSecurityGroups 51 }
tmnxCpmProtPolNotifyV8v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxCpmProtViolSdpBind,
tmnxCpmProtExcdSdpBind,
tmnxCpmProtExcdSapEcm,
tmnxCpmProtExcdSdpBindEcm
}
STATUS current
DESCRIPTION
"The group of notifications supporting CPM protection policies in
revision 8.0 R5 on Nokia SROS systems."
::= { tmnxSecurityGroups 52 }
tmnxSecPkiV9v0Grp OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfileAdminState,
tmnxPkiCAProfileCRLFile,
tmnxPkiCAProfileCertFile,
tmnxPkiCAProfileDescr,
tmnxPkiCAProfileLastChanged,
tmnxPkiCAProfileRowStatus,
tmnxPkiCAProfileTableLastChanged,
tmnxPkiMaxCertChainDepth,
tmnxPkiCAProfileOperFlags,
tmnxPkiCAProfileOperState,
tmnxCertMgrAuthFailed,
tmnxCertMgrAuthPassed,
tmnxCertMgrTotalAuth
}
STATUS current
DESCRIPTION
"The tmnxSecPkiV9v0Grp indicates the group of objects supporting PKI
objects in revision 9.0 R4 on Nokia SROS systems."
::= { tmnxSecurityGroups 53 }
tmnxSecurityNwExceptionsGroup OBJECT-GROUP
OBJECTS {
tmnxCpmVprnNwExceptions,
tmnxCpmNumVprnNwExceptions,
tmnxCpmVprnNwExceptionsTime
}
STATUS current
DESCRIPTION
"The group of objects supporting MPLS Network Exception capabilities
for on Nokia SROS series systems."
::= { tmnxSecurityGroups 54 }
tmnxCertNotifyGroup NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxPkiCAProfCrlUpdateStart,
tmnxPkiCAProfCrlUpdateSuccess,
tmnxPkiCAProfCrlUpdateUrlFail,
tmnxPkiCAProfCrlUpdAllUrlsFail,
tmnxPkiFileWriteFailed,
tmnxPkiCAProfCrlUpdNoNxtUpdTime,
tmnxPkiCAProfCrlUpdLargPreUpdTm,
tmnxPkiFileReadFailed,
tmnxPkiCertVerificationFailed,
tmnxCAProfileStateChange
}
STATUS current
DESCRIPTION
"The group of notifications supporting CA Profile certificate
capabilities on Nokia SROS systems."
::= { tmnxSecurityGroups 55 }
tmnxSecNotifyObjsV10v0Group OBJECT-GROUP
OBJECTS {
tmnxSecNotifCert,
tmnxSecNotifFailureReason,
tmnxSecNotifFile,
tmnxSecNotifTunnelName
}
STATUS current
DESCRIPTION
"The group of objects supporting security notifications in revision 8.0
on Nokia SROS series systems."
::= { tmnxSecurityGroups 56 }
tmnxRadiusUserGroup OBJECT-GROUP
OBJECTS {
tmnxRadiusUserAcctConnError,
tmnxRadiusUserAcctRejRx,
tmnxRadiusUserAcctReqTx,
tmnxRadiusUserBindFail,
tmnxRadiusUserLoginFail,
tmnxRadiusUserLoginPass,
tmnxRadiusUserMd5Fail,
tmnxRadiusUserOpenFail,
tmnxRadiusUserPending,
tmnxRadiusUserRecvFail,
tmnxRadiusUserReqRx,
tmnxRadiusUserReqTx,
tmnxRadiusUserSendFail,
tmnxRadiusUserSendTimeout
}
STATUS current
DESCRIPTION
"The tmnxRadiusUserGroup indicates the group of objects supporting
Radius objects on Nokia SROS systems."
::= { tmnxSecurityGroups 57 }
tmnxCpmProtExcdSapIpV9v0Group OBJECT-GROUP
OBJECTS {
tmnxCpmProtExcdSapIpTableLastChg,
tmnxCpmProtExcdSapIpPeriods,
tmnxCpmProtExcdSapIpStarted,
tmnxCpmProtExcdSapIpTime,
tmnxCpmProtPolLimDhcpCiAddrZero
}
STATUS current
DESCRIPTION
"The group of objects supporting per-SAP, per-source rate limiting of
IP packets in release 9.0 Nokia SROS series systems."
::= { tmnxSecurityGroups 58 }
tmnxCpmProtPolNotifyV9v0Group NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxCpmProtExcdSapIp
}
STATUS current
DESCRIPTION
"The group of notifications supporting CPM protection policies in Nokia
SROS systems, release 9.0."
::= { tmnxSecurityGroups 59 }
tmnxCpmFltrPrefixListV10v0Group OBJECT-GROUP
OBJECTS {
tCpmIpFilterEntrySrcIpPrefixList,
tCpmIpFilterEntryDstIpPrefixList
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of IP prefix lists in CPM
filters on Nokia SROS series systems 10.0 release."
::= { tmnxSecurityGroups 60 }
tmnxRadiusUserExGroup OBJECT-GROUP
OBJECTS {
tmnxRadiusUserAccChallengePkt
}
STATUS current
DESCRIPTION
"The tmnxRadiusUserGroup indicates the group of additional objects
supporting Radius objects on Nokia SROS systems."
::= { tmnxSecurityGroups 61 }
tmnxSecurityUserActionGroup OBJECT-GROUP
OBJECTS {
tmnxUserActionUserName,
tmnxUserActionUnlock
}
STATUS current
DESCRIPTION
"The group of objects supporting management of user lockout on Nokia
SROS systems."
::= { tmnxSecurityGroups 62 }
tmnxCpmFltrPrefixListV11v0Group OBJECT-GROUP
OBJECTS {
tCpmIpFilterEntrySrcIpPrefixList,
tCpmIpFilterEntryDstIpPrefixList,
tCpmIPv6FilterEntrySrcIpPfxList,
tCpmIPv6FilterEntryDstIpPfxList
}
STATUS current
DESCRIPTION
"The group of objects supporting management of IP prefix lists in CPM
filters on Nokia SROS series systems 11.0 release."
::= { tmnxSecurityGroups 63 }
tmnxSecurityCpmIpFilterV11v0Grp OBJECT-GROUP
OBJECTS {
tCpmFilterQueueRowStatus,
tCpmFilterQueueLastChanged,
tCpmFilterQueueAdminPIR,
tCpmFilterQueueAdminCIR,
tCpmFilterQueueCBS,
tCpmFilterQueueMBS,
tCpmFilterQueueReferences,
tCpmFilterQueueOperPIR,
tCpmFilterQueueOperCIR,
tCpmFilterDefaultAction,
tCpmIpFilterAdminState,
tCpmIpFilterEntryRowStatus,
tCpmIpFilterEntryLastChanged,
tCpmIpFilterEntryLogId,
tCpmIpFilterEntryDescription,
tCpmIpFilterEntryAction,
tCpmIpFilterEntryQueueId,
tCpmIpFilterEntrySrcIPAddr,
tCpmIpFilterEntrySrcIPMask,
tCpmIpFilterEntryDestIPAddr,
tCpmIpFilterEntryDestIPMask,
tCpmIpFilterEntryProtocol,
tCpmIpFilterEntrySrcPort,
tCpmIpFilterEntrySrcPortMask,
tCpmIpFilterEntryDestPort,
tCpmIpFilterEntryDestPortMask,
tCpmIpFilterEntryDSCP,
tCpmIpFilterEntryFragment,
tCpmIpFilterEntryOptionPresent,
tCpmIpFilterEntryIPOptionValue,
tCpmIpFilterEntryIPOptionMask,
tCpmIpFilterEntryMultipleOption,
tCpmIpFilterEntryTcpSyn,
tCpmIpFilterEntryTcpAck,
tCpmIpFilterEntryIcmpCode,
tCpmIpFilterEntryIcmpType,
tCpmIpFilterEntryVRtrId,
tCpmIpFilterEntryLogCreated,
tCpmIpFilterStatsDroppedPkts,
tCpmIpFilterStatsForwardedPkts,
tCpmFilterQInProfileDropPkts,
tCpmFilterQInProfileFwdPkts,
tCpmFilterQInProfileDropOctets,
tCpmFilterQInProfileFwdOctets,
tCpmFilterQOutProfileDropPkts,
tCpmFilterQOutProfileFwdPkts,
tCpmFilterQOutProfileDropOctets,
tCpmFilterQOutProfileFwdOctets,
tCpmIpFilterEntrySrcPortHigh,
tCpmIpFilterEntrySrcPortOper,
tCpmIpFilterEntryDestPortHigh,
tCpmIpFilterEntryDestPortOper,
tCpmIpFilterEntrySrcPortList,
tCpmIpFilterEntryDstPortList,
tCpmIpFilterEntryPortSelector
}
STATUS current
DESCRIPTION
"The group of objects supporting the CPM hardware filter capabilities
for revision 11.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 64 }
tmnxSecurityCpmIPv6FltrV11v0Grp OBJECT-GROUP
OBJECTS {
tCpmIPv6FilterEntryRowStatus,
tCpmIPv6FilterEntryLastChanged,
tCpmIPv6FilterEntryLogId,
tCpmIPv6FilterEntryDescription,
tCpmIPv6FilterEntryAction,
tCpmIPv6FilterEntryQueueId,
tCpmIPv6FilterEntrySrcIPAddr,
tCpmIPv6FilterEntrySrcIPMask,
tCpmIPv6FilterEntryDestIPAddr,
tCpmIPv6FilterEntryDestIPMask,
tCpmIPv6FilterEntryNextHeader,
tCpmIPv6FilterEntrySrcPort,
tCpmIPv6FilterEntrySrcPortMask,
tCpmIPv6FilterEntryDestPort,
tCpmIPv6FilterEntryDestPortMask,
tCpmIPv6FilterEntryDSCP,
tCpmIPv6FilterEntryTcpSyn,
tCpmIPv6FilterEntryTcpAck,
tCpmIPv6FilterEntryIcmpCode,
tCpmIPv6FilterEntryIcmpType,
tCpmIPv6FilterEntryVRtrId,
tCpmIPv6FilterEntryLogCreated,
tCpmIPv6FilterEntryFlowLabel,
tCpmIPv6FilterStatsDroppedPkts,
tCpmIPv6FilterStatsForwardedPkts,
tCpmIPv6FilterAdminState,
tCpmIPv6FilterEntrySrcPortHigh,
tCpmIPv6FilterEntrySrcPortOper,
tCpmIPv6FilterEntryDestPortHigh,
tCpmIPv6FilterEntryDestPortOper,
tCpmIPv6FilterEntrySrcPortList,
tCpmIPv6FilterEntryDstPortList,
tCpmIPv6FilterEntryPortSelector,
tCpmIPv6FilterEntryFragment,
tCpmIPv6FilterEntryHopByHopOpt
}
STATUS current
DESCRIPTION
"The group of objects supporting the CPM hardware filter IPv6
capabilities for revision 11.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 65 }
tmnxDistCpuProtectionV11v0Group OBJECT-GROUP
OBJECTS {
tmnxDCpuProtPolicyRowStatus,
tmnxDCpuProtPolicyLastMdfy,
tmnxDCpuProtPolicyDescr,
tmnxDCpuProtPolicyTblLstChg,
tmnxDCpuProtStaticPlcrTblLstChg,
tmnxDCpuProtStaticPlcrRowStatus,
tmnxDCpuProtStaticPlcrLastMdfy,
tmnxDCpuProtStaticPlcrDescr,
tmnxDCpuProtStaticPlcrPackets,
tmnxDCpuProtStaticPlcrWithin,
tmnxDCpuProtStaticPlcrInitDelay,
tmnxDCpuProtStaticPlcrKbps,
tmnxDCpuProtStaticPlcrMbs,
tmnxDCpuProtStaticPlcrExdActn,
tmnxDCpuProtStaticPlcrExdHold,
tmnxDCpuProtStaticPlcrRateType,
tmnxDCpuProtStaticPlcrDectnTime,
tmnxDCpuProtStaticPlcrLogEvent,
tmnxDCpuProtLocMonPlcrTblLstChg,
tmnxDCpuProtLocMonPlcrRowStatus,
tmnxDCpuProtLocMonPlcrLastMdfy,
tmnxDCpuProtLocMonPlcrDescr,
tmnxDCpuProtLocMonPlcrPackets,
tmnxDCpuProtLocMonPlcrWithin,
tmnxDCpuProtLocMonPlcrInitDelay,
tmnxDCpuProtLocMonPlcrKbps,
tmnxDCpuProtLocMonPlcrMbs,
tmnxDCpuProtLocMonPlcrExcdActn,
tmnxDCpuProtLocMonPlcrRateType,
tmnxDCpuProtLocMonPlcrLogEvent,
tmnxDCpuProtProtocolTblLstChg,
tmnxDCpuProtProtocolRowStatus,
tmnxDCpuProtProtocolLastMdfy,
tmnxDCpuProtProtocolEnforce,
tmnxDCpuProtProtocolEnfrcePolNme,
tmnxDCpuProtProtocolDynPackets,
tmnxDCpuProtProtocolDynWithin,
tmnxDCpuProtProtocolDynInitDly,
tmnxDCpuProtProtocolDynKbps,
tmnxDCpuProtProtocolDynMbs,
tmnxDCpuProtProtocolDynDectnTime,
tmnxDCpuProtProtocolDynExdActn,
tmnxDCpuProtProtocolDynExdHold,
tmnxDCpuProtProtocolDynRateType,
tmnxDCpuProtProtocolDynLogEvent
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Distributed Cpu
Protection on Nokia SROS series systems 11.0 release."
::= { tmnxSecurityGroups 66 }
tmnxCAProfileV11v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfCmpAccUnprotErr,
tmnxPkiCAProfCmpAccUnprotPki,
tmnxOcspCacheCertStatus,
tmnxOcspCacheExpiry,
tmnxOcspCacheCertIssuer,
tmnxOcspCacheCertSerial,
tmnxPkiCAProfActnOrigCmdTime,
tmnxPkiCAProfActnLastCAResp,
tmnxPkiCAProfActnType,
tmnxPkiCAProfAction,
tmnxPkiCAProfActnKey,
tmnxPkiCAProfActnProtKey,
tmnxPkiCAProfActnProtAlgPass,
tmnxPkiCAProfActnProtAlgRef,
tmnxPkiCAProfActnProtAlgSigCert,
tmnxPkiCAProfActnProtAlgSigHash,
tmnxPkiCAProfActnSubjectDn,
tmnxPkiCAProfActnSaveAsFile,
tmnxPkiCAProfActnNewKey,
tmnxPkiCAProfActnStatus,
tmnxPkiCAProfActnStatusString,
tmnxPkiCAProfActnStatusCode,
tmnxPkiCAProfActnSendChain,
tmnxPkiCAProfActnSendChainCA,
tmnxPkiCAProfCmpRespSignCert,
tmnxPkiCAProfOcspRespUrl,
tmnxPkiCAProfOcspSvcID,
tmnxPkiCAProfOcspVerifyCertFile,
tmnxPkiCAProfOcspVerifyCertCA,
tmnxPkiCAProfOcspVerifyCertOvr,
tmnxPkiCAProfCmpKeyRowStatus,
tmnxPkiCAProfCmpKeyLastChanged,
tmnxPkiCAProfCmpKeySecret,
tmnxPkiCAProfCmpKeyTblLastChgd,
tmnxPkiCAProfCmpHttpTimeout,
tmnxPkiCAProfCmpUrl,
tmnxPkiCAProfCmpSvcID,
tmnxPkiCAProfCmpSameRecipNonce
}
STATUS current
DESCRIPTION
"The group of objects supporting CA profile related objects Nokia SROS
series systems 11.0 release."
::= { tmnxSecurityGroups 67 }
tmnxRadiusUserExV11v0Group OBJECT-GROUP
OBJECTS {
tmnxRadiusUserAuthAvgDelay,
tmnxRadiusUserAcctAvgDelay
}
STATUS current
DESCRIPTION
"The tmnxRadiusUserGroup indicates the group of additional objects
supporting Radius objects on Nokia SROS release 11.0 systems."
::= { tmnxSecurityGroups 68 }
tmnxSecurityTacPlusV11v0Group OBJECT-GROUP
OBJECTS {
tmnxTacPlusAuthorUsePrivLvl,
tmnxTacPlusEnableAdminPrivLvl,
tmnxTacPlusPrivLvlMapUserProfile,
tmnxTacPlusPrivLvlRowStatus,
tmnxTacPlusInteractiveAuthen
}
STATUS current
DESCRIPTION
"The group of objects supporting management of TACACS+ interactive
authentication on Nokia SROS series systems."
::= { tmnxSecurityGroups 69 }
tmnxSecurityPasswordsV11v0Group OBJECT-GROUP
OBJECTS {
tmnxDynSvcPassword
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of passwords on Nokia SROS
series release 11.0 systems."
::= { tmnxSecurityGroups 70 }
tmnxPkiCAProfNotifyV11v0Group NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxPkiCAProfActnStatusChg
}
STATUS current
DESCRIPTION
"The group of notifications supporting PKI Certificate Authority
features in the Nokia SROS systems, release 11.0."
::= { tmnxSecurityGroups 71 }
tmnxCpmProtectionV11v0Group OBJECT-GROUP
OBJECTS {
tmnxCpmProtBlockPIMTunneled
}
STATUS current
DESCRIPTION
"The group of notifications supporting CPU Protocol Protection features
on Nokia SROS series release 11.0 systems."
::= { tmnxSecurityGroups 72 }
tmnxSecurityCpmProtV12v0Group OBJECT-GROUP
OBJECTS {
tmnxCpmProtPortRateActionLowPrio,
tmnxCpmProtIPSrcMonDhcp,
tCpmProtOutProfViolIfPeriods,
tCpmProtOutProfViolIfTimeStart,
tCpmProtOutProfViolIfTime,
tCpmProtOutProfViolSapPeriods,
tCpmProtOutProfViolSapTimeStart,
tCpmProtOutProfViolSapTime,
tCpmProtOutProfViolSdpBindPeriod,
tCpmProtOutProfViolSdpBindTmeStr,
tCpmProtOutProfViolSdpBindTime,
tmnxCpmProtExcdSdpBindIpPeriods,
tmnxCpmProtExcdSdpBindIpStarted,
tmnxCpmProtExcdSdpBindIpTime
}
STATUS current
DESCRIPTION
"The group of objects supporting management of CPM Protection on Nokia
SROS series release 12.0 systems."
::= { tmnxSecurityGroups 73 }
tmnxSecurityPasswordsV12v0Group OBJECT-GROUP
OBJECTS {
tmnxPasswordAging,
tmnxPasswordMinLength,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsTime,
tmnxPasswordAttemptsLockoutPeriod,
tmnxPasswordAuthenOrder1,
tmnxPasswordAuthenOrder2,
tmnxPasswordAuthenOrder3,
tmnxPasswordAuthenExitOnReject,
tmnxAdminPassword,
tmnxAdminPasswordEncrypted,
tmnxPasswordHealthCheck,
tmnxPasswordHealthCheckInterval,
tmnxDynSvcPassword,
tmnxPasswordHistory,
tmnxPasswordMinChange,
tmnxPasswordMinAge,
tmnxPasswordAllowUserName,
tmnxPasswordMaxRepeatedChars,
tmnxPasswordCreditsLowerCase,
tmnxPasswordCreditsUpperCase,
tmnxPasswordCreditsSpecialChar,
tmnxPasswordCreditsNumeric,
tmnxPasswordReqLowerCase,
tmnxPasswordReqUpperCase,
tmnxPasswordReqSpecialChar,
tmnxPasswordReqNumeric,
tmnxPasswordReqNumCharClass
}
STATUS current
DESCRIPTION
"The group of objects supporting management of passwords on Nokia SROS
series release 12.0 systems."
::= { tmnxSecurityGroups 74 }
tmnxSecCpmProtNotifyV12v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxCpmProtViolSapOutProf,
tmnxCpmProtViolIfOutProf,
tmnxCpmProtViolSdpBindOutProf,
tmnxCpmProtExcdSdpBindIp
}
STATUS current
DESCRIPTION
"The group of notifications supporting CPM protection policies on Nokia
SROS series release 12.0 systems."
::= { tmnxSecurityGroups 75 }
tmnxSecCpmProtNotifyObjsV12v0Grp OBJECT-GROUP
OBJECTS {
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"The group of objects supporting CPM Protection notifications on Nokia
SROS series release 12.0 systems."
::= { tmnxSecurityGroups 76 }
tmnxSecTechGroup OBJECT-GROUP
OBJECTS {
tmnxSecurityTechSupportLocation
}
STATUS current
DESCRIPTION
"The group of objects supporting tech-support MIB support for Nokia
SROS series release 10.0 systems."
::= { tmnxSecurityGroups 77 }
tmnxSecurityUserV12v0Group OBJECT-GROUP
OBJECTS {
tmnxUserProfileRowStatus,
tmnxUserProfileDefaultAction,
tmnxUserProfileMatchRowStatus,
tmnxUserProfileMatchDescription,
tmnxUserProfileMatchAction,
tmnxUserProfileMatchString,
tmnxUserRowStatus,
tmnxUserPassword,
tmnxUserAccess,
tmnxUserHomeDirectory,
tmnxUserRestrictedToHome,
tmnxUserConsoleLoginExecFile,
tmnxUserConsoleCannotChangePswd,
tmnxUserConsoleNewPswdAtLogin,
tmnxUserConsoleMemberProfile1,
tmnxUserConsoleMemberProfile2,
tmnxUserConsoleMemberProfile3,
tmnxUserConsoleMemberProfile4,
tmnxUserConsoleMemberProfile5,
tmnxUserConsoleMemberProfile6,
tmnxUserConsoleMemberProfile7,
tmnxUserConsoleMemberProfile8,
tmnxUserAttemptedLogins,
tmnxUserSuccessfulLogins,
tmnxUserPasswordChanged,
tmnxUserActionClearPwdHistory,
tmnxTemplateAccess,
tmnxTemplateHomeDirectory,
tmnxTemplateRestrictedToHome,
tmnxTemplateConsoleLoginExecFile,
tmnxTemplateProfile
}
STATUS obsolete
DESCRIPTION
"The group of objects supporting management of user security
capabilities on Nokia SROS series systems."
::= { tmnxSecurityGroups 78 }
tmnxSecurityV12v0ObsoletedGroup OBJECT-GROUP
OBJECTS {
tmnxUserPasswordEncrypted
}
STATUS current
DESCRIPTION
"The group of objects obsoleted in release 12.0 of the capabilities on
Nokia SROS series systems."
::= { tmnxSecurityGroups 79 }
tmnxSecurityNetconfV110Group OBJECT-GROUP
OBJECTS {
tmnxUserProfileNCKillSession
}
STATUS current
DESCRIPTION
"The group of objects supporting management of NETCONF operations and
users."
::= { tmnxSecurityGroups 80 }
tmnxChainSecurityNotifyObjsGroup NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxSecComputeCertChainFailure
}
STATUS current
DESCRIPTION
"The group of objects supporting security chain notifications on Nokia
SROS series release 12.0 systems."
::= { tmnxSecurityGroups 81 }
tCAProfCmpv2SetSndrV11v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfCmpAlSetSndrForIr
}
STATUS current
DESCRIPTION
"The group of objects supporting CA profile related objects Nokia SROS
series systems 11.0 release."
::= { tmnxSecurityGroups 82 }
tmnxSecurityKeyChainV12v0Group OBJECT-GROUP
OBJECTS {
tmnxKeyChainExpired,
tmnxKeyChainKeyOption
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Keychain capabilities on
Nokia SROS series release 12.0 systems."
::= { tmnxSecurityGroups 83 }
tmnxSecurityPublicKeyGroup OBJECT-GROUP
OBJECTS {
tmnxUserPublicKeyRowStatus,
tmnxUserPublicKeyLastChanged,
tmnxUserPublicKeyName
}
STATUS current
DESCRIPTION
"The group of objects supporting Secure Shell version 2 (SSHv2) RSA
public key capabilities on Nokia SROS series release 12.0 systems."
::= { tmnxSecurityGroups 84 }
tCAProfCmpv2HttpVerV12v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfCmpHttpVersion
}
STATUS current
DESCRIPTION
"The group of objects supporting CA profile related objects Nokia SROS
series systems 12.0 release."
::= { tmnxSecurityGroups 85 }
tmnxSecurityNotifyObjsV12v0Group OBJECT-GROUP
OBJECTS {
tmnxSecNotifOrigProtocol
}
STATUS current
DESCRIPTION
"The group of objects supporting security notifications in revision
12.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 86 }
tmnxSecurityNotificationV12v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxSecNotifKeyChainExpired,
tmnxCAProfUpDueToRevokeChkCrlOpt
}
STATUS current
DESCRIPTION
"The group of notifications supporting security in revision 12.0 on
Nokia SROS series systems."
::= { tmnxSecurityGroups 87 }
tmnxPkiCertDispFmtV12v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCertDisplayFormat
}
STATUS current
DESCRIPTION
"The group of notifications supporting security PKI certificate display
format feature in revision 12.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 88 }
tmnxSecurityProfRateV12v0Group OBJECT-GROUP
OBJECTS {
tmnxCpmProtPolOutProfRateLogEvnt
}
STATUS current
DESCRIPTION
"The group of objects supporting management of CPM Protection policies
on Nokia SROS series release 12.0 systems."
::= { tmnxSecurityGroups 89 }
tmnxSecCpmProtProtocolV12v0Group OBJECT-GROUP
OBJECTS {
tmnxCpmProtIPSrcMonGtp,
tmnxCpmProtIPSrcMonIcmp,
tmnxCpmProtIPSrcMonIgmp
}
STATUS current
DESCRIPTION
"The group of objects supporting management of CPM Protection on Nokia
SROS series release 12.0 systems."
::= { tmnxSecurityGroups 90 }
tmnxSecuritySSHCipherGroup OBJECT-GROUP
OBJECTS {
tmnxSSHCipherName,
tmnxSSHServerCipherListRowStatus,
tmnxSSHServerCipherListNumber,
tmnxSSHClientCipherListRowStatus,
tmnxSSHClientCipherListNumber
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Secure Shell cipher
capabilities on Nokia SROS series release 12.0 systems."
::= { tmnxSecurityGroups 91 }
tmnxPkiCAProfRevokeChkGroup OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfRevokeChk
}
STATUS current
DESCRIPTION
"The group of objects supporting management of PKI CA-profile related
features on Nokia SROS series release 12.0 systems."
::= { tmnxSecurityGroups 92 }
tmnxSecurityKeyChainV13v0Group OBJECT-GROUP
OBJECTS {
tmnxKeyChainKeyOption
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Keychain capabilities on
Nokia SROS series release 13.0 systems."
::= { tmnxSecurityGroups 93 }
tmnxPkiCAProf13v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfActnDomain,
tmnxPkiCAProfActnInetAddrType,
tmnxPkiCAProfActnInetAddr
}
STATUS current
DESCRIPTION
"The group of objects supporting management of security capabilities on
Nokia SROS series release 13.0 systems."
::= { tmnxSecurityGroups 94 }
tmnxSecurityNotifyObjsV13v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfileNameForNotify,
tmnxSecNotifFileSize,
tmnxPkiExpRemainingHours,
tmnxPkiExpRemainingMinutes,
tmnxPkiExpReason
}
STATUS current
DESCRIPTION
"The group of objects supporting security notifications in revision
13.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 96 }
tmnxCertExpNotificationV13v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxPkiCertNotYetValid,
tmnxPkiCRLNotYetValid,
tmnxPkiCertBeforeExpWarning,
tmnxPkiCertAfterExpWarning,
tmnxPkiCertExpWarningCleared,
tmnxPkiCRLBeforeExpWarning,
tmnxPkiCRLAfterExpWarning,
tmnxPkiCRLExpWarningCleared
}
STATUS current
DESCRIPTION
"The group of notifications supporting certificate/CRL expiry warnings
feature in revision 13.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 97 }
tmnxCertExpWarningV13v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCertExpWarningHours,
tmnxPkiCertExpWarningRepeatHrs,
tmnxPkiCRLExpWarningHours,
tmnxPkiCRLExpWarningRepeatHrs
}
STATUS current
DESCRIPTION
"The group of objects supporting certificate/CRL expiry warning feature
in revision 13.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 98 }
tmnxCliScriptAuthUserV13v0Group OBJECT-GROUP
OBJECTS {
tmnxCliScriptAuthTblLastChange,
tmnxCliScriptAuthRowStatus
}
STATUS current
DESCRIPTION
"The group of objects supporting management of cli script user
authorization on Nokia SROS series release 13.0 systems."
::= { tmnxSecurityGroups 99 }
tmnxSecurityRadiusV13v0Group OBJECT-GROUP
OBJECTS {
tmnxRadiusInteractiveAuthen
}
STATUS current
DESCRIPTION
"The group of objects supporting management of RADIUS capabilities on
Nokia SROS series systems since release 13.0."
::= { tmnxSecurityGroups 100 }
tmnxSecCertRldNotifyObjsV13v0Grp OBJECT-GROUP
OBJECTS {
tmnxSecNotifFileType
}
STATUS current
DESCRIPTION
"The group of objects supporting security notifications for
certificate/key reload in revision 13.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 101 }
tmnxCertRldNotificationV13v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxSecNotifFileReloaded
}
STATUS current
DESCRIPTION
"The group of notifications supporting certificate/key reload feature
in revision 13.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 102 }
tmnxPkiCAProfAtCrlUpdV13v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfAtCrlUpdTblLstChgd,
tmnxPkiCAProfAtCrlUpdRowStatus,
tmnxPkiCAProfAtCrlUpdLastChgd,
tmnxPkiCAProfAtCrlUpdAdminState,
tmnxPkiCAProfAtCrlUpdScheduleT,
tmnxPkiCAProfAtCrlUpdPrdcUpdIntv,
tmnxPkiCAProfAtCrlUpdPreUpdTime,
tmnxPkiCAProfAtCrlUpdRetryIntv,
tmnxPkiCAProfAtCrlUpdLstSucsEtId,
tmnxPkiCAProfAtCrlUpdLstSucsTmSt,
tmnxPkiCAProfAtCrlUpdLstSucsTmEd,
tmnxPkiCAProfAtCrlUpdNxCrlUpdTm,
tmnxPkiCAProfCrlCurUpdStatus,
tmnxPkiCAProfCrlCurUpdEtId,
tmnxPkiCAProfUrlTablLastChgd,
tmnxPkiCAProfUrlRowStatus,
tmnxPkiCAProfUrlLastChanged,
tmnxPkiCAProfUrl,
tmnxPkiCAProfUrlFileTransProf,
tmnxPkiCAProfManCrlUpdAct,
tmnxPkiCAProfManCrlUpdAbort
}
STATUS current
DESCRIPTION
"The group of objects supporting the configuration of automated CRL
update features on Nokia SROS series release 13.0 systems."
::= { tmnxSecurityGroups 103 }
tmnxCliSessionGroupV13v0Group OBJECT-GROUP
OBJECTS {
tmnxCliSessionGroupTableLstChgd,
tmnxCliSessionGroupLastChanged,
tmnxCliSessionGroupRowStatus,
tmnxCliSessionGroupDescription,
tmnxCliSessionGroupSshLimit,
tmnxCliSessionGroupTelnetLimit,
tmnxCliSessionGroupTotalLimit,
tmnxUserProfileSshLimit,
tmnxUserProfileTelnetLimit,
tmnxUserProfileTotalLimit,
tmnxUserProfileCliSessionGroup
}
STATUS current
DESCRIPTION
"The group of objects supporting limitation of number of concurrent SSH
& Telnet sessions on Nokia SROS series systems since release 13.0."
::= { tmnxSecurityGroups 104 }
tmnxSecPwdHistNotifyObjsV12v0Grp OBJECT-GROUP
OBJECTS {
tmnxSecPwdHistLoadFailReason
}
STATUS current
DESCRIPTION
"The group of notifications supporting password history feature in
revision 12.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 105 }
tmnxSecPwdHistNotifV12v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxSecPwdHistoryFileLoadFailed,
tmnxSecPwdHistoryFileWriteFailed
}
STATUS current
DESCRIPTION
"The group of notifications supporting password history feature in
revision 12.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 106 }
tmnxSecVsdGroup OBJECT-GROUP
OBJECTS {
tmnxVsdPassword
}
STATUS current
DESCRIPTION
"The group of objects supporting VSD configuration feature on Nokia
SROS series systems."
::= { tmnxSecurityGroups 107 }
tmnxSessLimNotifyObjsV13v0Grp OBJECT-GROUP
OBJECTS {
tmnxSessionLimitExceededName,
tmnxSessionLimitExceededType
}
STATUS current
DESCRIPTION
"The group of objects supporting security notifications for user access
session limits on Nokia SROS series release 13.0 systems."
::= { tmnxSecurityGroups 108 }
tmnxSessLimNotifyV13v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxUsrProfSessionLimitExceeded,
tmnxCliGroupSessionLimitExceeded
}
STATUS current
DESCRIPTION
"The group of notifications supporting user access session limits
feature on Nokia SROS series release 13.0 systems."
::= { tmnxSecurityGroups 109 }
tmnxSecNotifyObjsV14v0Grp OBJECT-GROUP
OBJECTS {
tmnxSecNotifyUserName,
tmnxSecNotifyAddrType,
tmnxSecNotifyAddr
}
STATUS current
DESCRIPTION
"The group of objects supporting information for security notifications
on Nokia SROS series release 14.0 systems."
::= { tmnxSecurityGroups 110 }
tmnxLogMaxAttNotifyV14v0Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxUserCliLoginMaxAttempts,
tmnxUserFtpLoginMaxAttempts,
tmnxUserSshLoginMaxAttempts,
tmnxLiUserCliLoginMaxAttempts,
tmnxLiUserFtpLoginMaxAttempts,
tmnxLiUserSshLoginMaxAttempts
}
STATUS current
DESCRIPTION
"The group of notifications supporting maximum number of unsuccessful
user login attempts exceeded on Nokia SROS series release 14.0
systems."
::= { tmnxSecurityGroups 111 }
tmnxSecuritySSHv2PubKeyV14v0Grp OBJECT-GROUP
OBJECTS {
tmnxUserPubEcdsaKeyRowStatus,
tmnxUserPubEcdsaKeyLastChanged,
tmnxUserPubEcdsaKeyName,
tmnxUserPubEcdsaKeyDescription,
tmnxUserPublicKeyDescription,
tmnxUserPubKeyTableLastChanged,
tmnxUserPubEcdsaKeyTblLstChgd
}
STATUS current
DESCRIPTION
"The group of objects supporting Secure Shell version 2 (SSHv2) public
key capabilities on Nokia SROS series release 14.0 systems."
::= { tmnxSecurityGroups 112 }
tmnxPkiCAProfCrlSizeLimtV14v0Grp OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfCrlCurUpdStartTime,
tmnxPkiCAProfAtCrlUpdLstFailedId,
tmnxPkiCAProfAtCrlUpdLstFailTmSt,
tmnxPkiCAProfAtCrlUpdLstFailTmEd,
tmnxPkiCAProfAtCrlUpdLstFailReas
}
STATUS current
DESCRIPTION
"The group of objects supporting the statistics of CRL size limit
feature on Nokia SROS series release 14.0 systems."
::= { tmnxSecurityGroups 113 }
tmnxSecurityNetconfLockV14v0Grp OBJECT-GROUP
OBJECTS {
tmnxUserProfileNCLock
}
STATUS current
DESCRIPTION
"The group of objects supporting the netconf lock/unlock feature on
Nokia SROS series release 14.0 systems."
::= { tmnxSecurityGroups 114 }
tmnxSecurityRadiusV14v0Group OBJECT-GROUP
OBJECTS {
tmnxRadiusAdminStatus,
tmnxRadiusAccounting,
tmnxRadiusAuthorization,
tmnxRadiusTimeout,
tmnxRadiusPort,
tmnxRadiusServerSecret,
tmnxRadiusServerOperStatus,
tmnxRadiusServerRowStatus,
tmnxRadiusRetryAttempts,
tmnxRadiusPEForceDiscovery,
tmnxRadiusPEForceDiscoverySvcId,
tmnxRadiusAccountingPort,
tmnxRadiusServerInetAddressType,
tmnxRadiusServerInetAddress,
tmnxRadiusUseTemplate
}
STATUS current
DESCRIPTION
"The group of objects supporting management of RADIUS capabilities for
revision 14.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 115 }
tmnxSecurityTacPlusV14v0Group OBJECT-GROUP
OBJECTS {
tmnxTacPlusAdminStatus,
tmnxTacPlusTimeout,
tmnxTacPlusServerSecret,
tmnxTacPlusServerRowStatus,
tmnxTacPlusServerOperStatus,
tmnxTacPlusAccounting,
tmnxTacPlusAcctRecType,
tmnxTacPlusAuthorization,
tmnxTacplusUseTemplate,
tmnxTacPlusServerInetAddressType,
tmnxTacPlusServerInetAddress,
tmnxTacPlusServerPort
}
STATUS current
DESCRIPTION
"The group of objects supporting management of TACACS+ capabilities for
revision 14.0 on Nokia SROS series systems."
::= { tmnxSecurityGroups 116 }
tmnxSecurityObsoletedV14v0Group OBJECT-GROUP
OBJECTS {
tmnxRadiusConfigured,
tmnxTacPlusConfigured
}
STATUS current
DESCRIPTION
"The group of objects in TIMETRA-SECURITY-MIB which are obsoleted in
release 14.0."
::= { tmnxSecurityGroups 117 }
tmnxSecurityPasswordsV14v0Group OBJECT-GROUP
OBJECTS {
tmnxPasswordAuthenOrder4
}
STATUS current
DESCRIPTION
"The group of objects supporting management of passwords on Nokia SROS
series release 14.0 systems."
::= { tmnxSecurityGroups 118 }
tmnxSecNotifyObjsV14v0Group OBJECT-GROUP
OBJECTS {
tmnxSecNotifClientAppName
}
STATUS current
DESCRIPTION
"The group of additional objects supporting security notifications on
Nokia SROS series release 14.0 systems."
::= { tmnxSecurityGroups 119 }
tmnxCertNotifyV14v0Group NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxAppPkiCertVerificationFailed
}
STATUS current
DESCRIPTION
"The group of additional notifications supporting certificate
verification capabilities on Nokia SROS series release 14.0 systems."
::= { tmnxSecurityGroups 120 }
tmnxSecurityGrpcV15v0Grp OBJECT-GROUP
OBJECTS {
tmnxUserProfileGrpcAuthGet,
tmnxUserProfileGrpcAuthSet,
tmnxUserProfileGrpcAuthSubscribe
}
STATUS current
DESCRIPTION
"The group of objects supporting the gRPC feature on Nokia SROS series
release 15.0 systems."
::= { tmnxSecurityGroups 122 }
tmnxPkiCNV15v0Grp OBJECT-GROUP
OBJECTS {
tmnxPkiCNListLastChanged,
tmnxPkiCNListParamCNType,
tmnxPkiCNListParamCNValue,
tmnxPkiCNListParamLastChanged,
tmnxPkiCNListParamRowStatus,
tmnxPkiCNListParamTableLstChgd,
tmnxPkiCNListRowStatus,
tmnxPkiCNListTableLastChanged
}
STATUS current
DESCRIPTION
"The group of objects supporting the management of Common Name lists."
::= { tmnxSecurityGroups 123 }
tmnxSecuritySSHMacListV15v0Group OBJECT-GROUP
OBJECTS {
tmnxSSHMacName,
tmnxSSHServerMacListTableLstChgd,
tmnxSSHServerMacListLastChanged,
tmnxSSHServerMacListRowStatus,
tmnxSSHServerMacListNumber,
tmnxSSHClientMacListTableLstChgd,
tmnxSSHClientMacListLastChanged,
tmnxSSHClientMacListRowStatus,
tmnxSSHClientMacListNumber
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Secure Shell MAC
algorithm capabilities on Nokia SROS series release 15.0 systems."
::= { tmnxSecurityGroups 124 }
tmnxSecuritySSHKeyReExV15v0Group OBJECT-GROUP
OBJECTS {
tmnxSSHServerKeyReExLastChanged,
tmnxSSHServerKeyReExAdminState,
tmnxSSHServerKeyReExMinutes,
tmnxSSHServerKeyReExMBytes,
tmnxSSHClientKeyReExLastChanged,
tmnxSSHClientKeyReExAdminState,
tmnxSSHClientKeyReExMinutes,
tmnxSSHClientKeyReExMBytes
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Secure Shell key
re-exchange capabilities on Nokia SROS series release 15.0 systems."
::= { tmnxSecurityGroups 125 }
tmnxSecUserV15v1Group OBJECT-GROUP
OBJECTS {
tmnxUserCliEngine1,
tmnxUserCliEngine2
}
STATUS current
DESCRIPTION
"The group of objects supporting cli engine accessibility configuration
on Nokia SROS series release 15.1 systems."
::= { tmnxSecurityGroups 127 }
tmnxCAProfileV15v1Group OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfCmpSvcName,
tmnxPkiCAProfOcspSvcName
}
STATUS current
DESCRIPTION
"The group of objects supporting CA profile capabilities on Nokia SROS
series release 15.1 systems."
::= { tmnxSecurityGroups 128 }
tmnxLogMaxAttNotifyV15v1Grp NOTIFICATION-GROUP
NOTIFICATIONS {
tmnxUserNetconfLoginMaxAttempts
}
STATUS current
DESCRIPTION
"The group of notifications supporting maximum number of unsuccessful
user login attempts exceeded on Nokia SROS series release 15.1
systems."
::= { tmnxSecurityGroups 129 }
tmnxSecurityGrpcV16v0Grp OBJECT-GROUP
OBJECTS {
tmnxUserProfileGrpcAuthGnmiCap,
tmnxUserProfileGrpcAuthRAModify,
tmnxUserProfileGrpcAuthRAGetVer,
tmnxUserProfileGrpcAuthCMRotate,
tmnxUserProfileGrpcAuthCMInstall,
tmnxUserProfileGrpcAuthCMGetCert,
tmnxUserProfileGrpcAuthCMRevoke,
tmnxUserProfileGrpcAuthCMCanGen
}
STATUS current
DESCRIPTION
"The group of objects supporting the gRPC feature on Nokia SROS series
release 16.0 systems."
::= { tmnxSecurityGroups 130 }
tmnxHashControlV16v0Group OBJECT-GROUP
OBJECTS {
tmnxPassHashWriteVersionMdCli,
tmnxPassHashWriteVersionNetconf,
tmnxPassHashWriteVersionGrpc
}
STATUS current
DESCRIPTION
"The group of objects supporting hash control configuration on Nokia
SROS series release 16.0 systems."
::= { tmnxSecurityGroups 131 }
tmnxPkiV16v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiImportedFormat
}
STATUS current
DESCRIPTION
"The group of objects supporting PKI configuration on Nokia SROS series
release 16.0 systems."
::= { tmnxSecurityGroups 132 }
tmnxCAProfileV16v0Group OBJECT-GROUP
OBJECTS {
tmnxPkiCAProfOcspTransProf
}
STATUS current
DESCRIPTION
"The group of objects supporting CA profile capabilities on Nokia SROS
series release 16.0 systems."
::= { tmnxSecurityGroups 133 }
tmnxServerAccessCtlV16v0Group OBJECT-GROUP
OBJECTS {
tmnxAllowServersAccess,
tmnxServerAccessCtlObjsLstChgd
}
STATUS current
DESCRIPTION
"The group of objects supporting management interface protocols
configuration for the Base router on Nokia SROS series systems in
release 16.0."
::= { tmnxSecurityGroups 134 }
tmnxSecUserV19v0Group OBJECT-GROUP
OBJECTS {
tmnxUserProfileRowStatus,
tmnxUserProfileDefaultAction,
tmnxUserProfileMatchRowStatus,
tmnxUserProfileMatchDescription,
tmnxUserProfileMatchAction,
tmnxUserProfileMatchString,
tmnxUserRowStatus,
tmnxUserPassword,
tmnxUserAccess,
tmnxUserHomeDirectory,
tmnxUserRestrictedToHome,
tmnxUserConsoleLoginExecFile,
tmnxUserConsoleCannotChangePswd,
tmnxUserConsoleNewPswdAtLogin,
tmnxUserConsoleMemberProfile1,
tmnxUserConsoleMemberProfile2,
tmnxUserConsoleMemberProfile3,
tmnxUserConsoleMemberProfile4,
tmnxUserConsoleMemberProfile5,
tmnxUserConsoleMemberProfile6,
tmnxUserConsoleMemberProfile7,
tmnxUserConsoleMemberProfile8,
tmnxUserAttemptedLogins,
tmnxUserSuccessfulLogins,
tmnxUserActionClearPwdHistory,
tmnxTemplateAccess,
tmnxTemplateHomeDirectory,
tmnxTemplateRestrictedToHome,
tmnxTemplateConsoleLoginExecFile,
tmnxTemplateProfile,
tmnxUserPasswordChangedTime,
tmnxUserPasswordExpirationTime
}
STATUS current
DESCRIPTION
"The group of objects supporting management of user security
capabilities on Nokia SROS series systems."
::= { tmnxSecurityGroups 135 }
tmnxSecUserV19v0GroupObsoleted OBJECT-GROUP
OBJECTS {
tmnxUserPasswordChanged
}
STATUS current
DESCRIPTION
"The group of objects obsoleted in release 19.0 of the capabilities on
Nokia SROS series systems."
::= { tmnxSecurityGroups 136 }
tmnxSecuritySSHKexListV19v0Group OBJECT-GROUP
OBJECTS {
tmnxSSHKexName,
tmnxSSHServerKexListTableLstChgd,
tmnxSSHServerKexListLastChanged,
tmnxSSHServerKexListRowStatus,
tmnxSSHServerKexListNumber,
tmnxSSHClientKexListTableLstChgd,
tmnxSSHClientKexListLastChanged,
tmnxSSHClientKexListRowStatus,
tmnxSSHClientKexListNumber
}
STATUS current
DESCRIPTION
"The group of objects supporting management of Secure Shell KEX
algorithm capabilities on Nokia SROS series systems."
::= { tmnxSecurityGroups 137 }
tmnxSecurityNotifyPrefix OBJECT IDENTIFIER ::= { tmnxSRNotifyPrefix 22 }
tmnxSecurityNotifications OBJECT IDENTIFIER ::= { tmnxSecurityNotifyPrefix 0 }
tmnxSSHServerPreserveKeyFail NOTIFICATION-TYPE
OBJECTS {
tmnxCpmFlashHwIndex,
tmnxCpmFlashOperStatus
}
STATUS current
DESCRIPTION
"The tmnxSSHServerPreserveKeyFail notification is generated when the
saving of SSH server host key on the persistent drive fails by the CPM
module.
tmnxCpmFlashId identifies the failed compact flash.
tmnxCpmFlashOperStatus indicates the status of the compact flash
reported in tmnxCpmFlashId."
::= { tmnxSecurityNotifications 1 }
tmnxKeyChainAuthFailure NOTIFICATION-TYPE
OBJECTS {
tmnxKeyChainReceiveTcpOptionNum,
tmnxKeyChainAuthFailReason,
tmnxKeyChainAuthAddrType,
tmnxKeyChainAuthAddr,
vRtrID
}
STATUS current
DESCRIPTION
"The tmnxKeyChainAuthFailure notification is generated when the
incoming packet is dropped due to key chain authentication failure.
Failure could be due to the following reasons or more:
- Send packet had not auth keychain but recv side had keychain enabled.
- Keychain key id's did not match.
- Keychain key digest mismatch
- Received packet with invalid enhanced authentication option length.
- For other causes of failure refer to 'draft-bonica-tcp-auth-05.txt'."
::= { tmnxSecurityNotifications 2 }
tmnxCpmProtViolPort NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtViolPortPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"The tmnxCpmProtViolPort notification is generated when a link-specific
packet arrival rate limit violation is detected for a port.
This notification is not supported on SR-1 and ESS-1, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxSecurityNotifications 3 }
tmnxCpmProtViolPortAgg NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtViolPortAggPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"The tmnxCpmProtViolPortAgg notification is generated when a per-port
overall packet rate limit violation is detected for a port.
This notification is not supported on SR-1 and ESS-1, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxSecurityNotifications 4 }
tmnxCpmProtViolIf NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtViolIfPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"The tmnxCpmProtViolIf notification is generated when a overall packet
arrival rate violation is detected for an interface, and this
notification is enabled.
This notification is not supported on SR-1 and ESS-1, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxSecurityNotifications 5 }
tmnxCpmProtViolSap NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtViolSapPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"The tmnxCpmProtViolSap notification is generated when a overall packet
arrival rate violation is detected for a SAP, and this notification is
enabled.
This notification is not supported on SR-1 and ESS-1, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxSecurityNotifications 6 }
tmnxCpmProtViolMac NOTIFICATION-TYPE
OBJECTS {
svcId,
sapPortId,
sapEncapValue,
tmnxCpmProtViolMacAddress,
tmnxCpmProtViolMacPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"The tmnxCpmProtViolMac notification is generated when a per-source
rate limit violation was detected for a source, and this notification
is enabled.
This notification is not supported on SR-1 and ESS-1, where the value
of TIMETRA-CHASSIS-MIB::tmnxChassisType is '5', and 7710, where the
value of TIMETRA-CHASSIS-MIB::tmnxChassisType is '7' or '9'."
::= { tmnxSecurityNotifications 7 }
tmnxCpmProtViolVdoSvcClient NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtViolVdoSvcPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"The tmnxCpmProtViolVdoSvcClient notification is generated when a
per-source rate limit violation was detected for a client address of a
RTCP control traffic in VPLS service."
::= { tmnxSecurityNotifications 8 }
tmnxCpmProtViolVdoVrtrClient NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtViolVdoVrtrPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"The tmnxCpmProtViolVdoVrtrClient notification is generated when a
per-source rate limit violation was detected for a client address of a
RTCP control traffic in router context."
::= { tmnxSecurityNotifications 9 }
tmnxMD5AuthFailure NOTIFICATION-TYPE
OBJECTS {
tmnxMD5AuthKey,
tmnxMD5AuthFailReason,
tmnxMD5AuthAddrType,
tmnxMD5AuthAddr,
vRtrID
}
STATUS current
DESCRIPTION
"The tmnxMD5AuthFailure notification is generated when the incoming
packet is dropped due to MD5 authentication failure."
::= { tmnxSecurityNotifications 10 }
tmnxCpmProtDefPolModified NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtPolId
}
STATUS current
DESCRIPTION
"The tmnxCpmProtDefPolModified notification is generated when the user
modifies a default access or default network policy."
::= { tmnxSecurityNotifications 11 }
tmnxCpmProtViolSdpBind NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtViolSdpBindPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtViolSdpBind notification is generated when the
packet arrival rate at a mesh-sdp or spoke-sdp exceeds the SDP's
configured overall-rate.
[EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was
discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, or
increase the locally configured overall-rate for the SDP."
::= { tmnxSecurityNotifications 12 }
tmnxCpmProtExcdSdpBind NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtExcdSdpBindPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtExcdSdpBind notification is generated when a
source (identified by a MAC address) sends a packet stream to a local
mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured
per-source-rate.
[EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was
discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, or
increase the locally configured per-source-rate for the SDP."
::= { tmnxSecurityNotifications 13 }
tmnxCpmProtExcdSapEcm NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtExcdSapEcmPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtExcdSapEcm notification is generated when an
Eth-CFM packet stream (identified by a source MAC address, domain
level, and Eth-CFM opcode) arrives at a local SAP at a rate which
exceeds the configured Eth-CFM rate limit for the stream.
[EFFECT] One or more Eth-CFM packets arriving at the SAP was
discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, or
increase the locally configured Eth-CFM rate limit for the stream."
::= { tmnxSecurityNotifications 14 }
tmnxCpmProtExcdSdpBindEcm NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtExcdSdpBindEcmPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtExcdSdpBindEcm notification is generated when
an Eth-CFM packet stream (identified by a source MAC address, domain
level, and Eth-CFM opcode) arrives at a local mesh-sdp or spoke-sdp at
a rate which exceeds the configured Eth-CFM rate limit for the stream.
[EFFECT] One or more Eth-CFM packets arriving at the mesh-sdp or
spoke-sdp was discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, or
increase the locally configured Eth-CFM rate limit for the stream."
::= { tmnxSecurityNotifications 15 }
tmnxPkiFileReadFailed NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxSecNotifFailureReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiFileReadFailed notification is generated when an
attempt to read the file fails. The reason for the failure is
indicated by the tmnxSecNotifFailureReason object.
[EFFECT] Operational status of tunnels configured to use this
certificate will be set to 'down'.
[RECOVERY] Make sure the path specified in tmnxSecNotifFile is correct
and the file exists."
::= { tmnxSecurityNotifications 16 }
tmnxPkiCertVerificationFailed NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifTunnelName,
tmnxSecNotifCert,
tmnxSecNotifFailureReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCertVerificationFailed notification is generated
when an attempt to verify the certificate fails. This notification is
only used by the IPsec application.
[EFFECT] Authentication of the tunnel configured with the certificate
will start to fail.
[RECOVERY] Make sure the certificate specified in tmnxSecNotifCert is
a valid certificate and an appropriate trust anchor is configured."
::= { tmnxSecurityNotifications 17 }
tmnxCAProfileStateChange NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfileOperState,
tmnxSecNotifFailureReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCAProfileStateChange notification is generated when
Certificate Authority profile changes state to 'down' due to
tmnxSecNotifFailureReason.
[EFFECT] Certificate Authority profile will remain in this state until
a corrective action is taken.
[RECOVERY] Depending on the reason indicated by
tmnxSecNotifFailureReason, corrective action should be taken."
::= { tmnxSecurityNotifications 18 }
tmnxCpmProtExcdSapIp NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtExcdSapIpPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtExcdSapIp notification is generated when a
source (identified by an IP address) sends a packet stream to a local
SAP at a rate which exceeds the SAP's configured per-source-rate.
[EFFECT] One or more packets arriving at the SAP was discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, OR
increase the locally configured per-source-rate for the SAP, OR
disable per-IP-source rate limiting on the SAP by setting
TIMETRA-SAP-MIB::sapCpmProtMonitorIP to 'false'."
::= { tmnxSecurityNotifications 19 }
tmnxPkiCAProfActnStatusChg NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfActnType,
tmnxPkiCAProfActnStatus,
tmnxPkiCAProfActnStatusString,
tmnxPkiCAProfActnStatusCode,
tmnxPkiCAProfActnOrigCmdTime,
tmnxPkiCAProfActnLastCAResp
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCAProfActnStatusChg notification is generated when
tmnxPkiCAProfActnStatus changes status. More information is available
through tmnxPkiCAProfActnStatusString and tmnxPkiCAProfActnStatusCode.
[EFFECT] This is due to the action performed using
tmnxPkiCAProfActnTable.
[RECOVERY] Depending on the information available in this trap,
another tmnxPkiCAProfActnType request may be issued by correcting the
parameters in the tmnxPkiCAProfActnTable."
::= { tmnxSecurityNotifications 20 }
tmnxCpmProtViolSapOutProf NOTIFICATION-TYPE
OBJECTS {
tCpmProtOutProfViolSapPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtViolSapOutProf notification is generated when
the rate at which incoming control packets are marked as
out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded.
This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt
is set to 'true'.
[EFFECT] One or more control packets being marked as out-of-profile
will be discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, or
increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for
this SAP."
::= { tmnxSecurityNotifications 21 }
tmnxCpmProtViolIfOutProf NOTIFICATION-TYPE
OBJECTS {
tCpmProtOutProfViolIfPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtViolIfOutProf notification is generated when
the rate at which incoming control packets are marked as
out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded.
This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt
is set to 'true'.
[EFFECT] One or more control packets being marked as out-of-profile
will be discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, or
increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for
this interface."
::= { tmnxSecurityNotifications 22 }
tmnxCpmProtExcdSdpBindIp NOTIFICATION-TYPE
OBJECTS {
tmnxCpmProtExcdSdpBindIpPeriods,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtExcdSdpBindIp notification is generated when a
source (identified by an IP address) sends a packet stream to a local
mesh-sdp or spoke-sdp at a rate which exceeds the SDP's configured
per-source-rate.
[EFFECT] One or more packets arriving at the mesh-sdp or spoke-sdp was
discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, or
increase the locally configured per-source-rate for the SDP."
::= { tmnxSecurityNotifications 23 }
tmnxSecComputeCertChainFailure NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxSecNotifFailureReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxSecComputeCertChainFailure notification is generated
when a compute chain-failure has occurred.
[EFFECT] The chain cannot be built for a configured certificate and
the corresponding chain will be empty.
[RECOVERY] Depending on the reason indicated by
tmnxSecNotifFailureReason, corrective action should be taken."
::= { tmnxSecurityNotifications 24 }
tmnxCpmProtViolSdpBindOutProf NOTIFICATION-TYPE
OBJECTS {
tCpmProtOutProfViolSdpBindPeriod,
tmnxCpmProtViolExcdPktHexDump
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCpmProtViolSdpBindOutProf notification is generated
when the rate at which incoming control packets are marked as
out-of-profile specified by tmnxCpmProtPolOutProfileRate is exceeded.
This notification is generated when tmnxCpmProtPolOutProfRateLogEvnt
is set to 'true'.
[EFFECT] One or more control packets being marked as out-of-profile
will be discarded.
[RECOVERY] Reduce the packet transmission rate at the far end, or
increase the out-of-profile rate, tmnxCpmProtPolOutProfileRate for
this SDP binding."
::= { tmnxSecurityNotifications 25 }
tmnxSecNotifKeyChainExpired NOTIFICATION-TYPE
OBJECTS {
tmnxKeyChainExpired,
tmnxSecNotifOrigProtocol
}
STATUS current
DESCRIPTION
"The tmnxSecNotifKeyChainExpired notification is generated when a
protocol instance tries to use a keychain, for which the last key
entry has expired."
::= { tmnxSecurityNotifications 26 }
tmnxCAProfUpDueToRevokeChkCrlOpt NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfileOperState,
tmnxSecNotifFailureReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCAProfUpDueToRevokeChkCrlOpt notification is generated
when Certificate Authority profile changes state to 'up' due to
tmnxPkiCAProfRevokeChk set to 'crlOptional' even with the errors in
tmnxSecNotifFailureReason.
[EFFECT] Certificate Authority profile will remain up.
[RECOVERY] Errors described in tmnxSecNotifFailureReason should still
be corrected."
::= { tmnxSecurityNotifications 27 }
tmnxPkiCertBeforeExpWarning NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxPkiExpRemainingHours,
tmnxPkiExpRemainingMinutes,
tmnxSecNotifClientAppName
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCertBeforeExpWarning notification is generated when
the certificate indicated in tmnxSecNotifFile will expire in the time
period indicated by tmnxPkiExpRemainingHours and
tmnxPkiExpRemainingMinutes.
[EFFECT] The indicated certificate will expire.
[RECOVERY] Replace the indicated file with an updated certificate."
::= { tmnxSecurityNotifications 28 }
tmnxPkiCertAfterExpWarning NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxSecNotifClientAppName
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCertAfterExpWarning notification is generated when
the certificate indicated in tmnxSecNotifFile has expired.
[EFFECT] The indicated certificate has expired.
[RECOVERY] Replace the indicated file with an updated certificate."
::= { tmnxSecurityNotifications 29 }
tmnxPkiCertExpWarningCleared NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxPkiExpReason,
tmnxSecNotifClientAppName
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCertExpWarningCleared notification is generated
when the expiration warning for the certificate indicated in
tmnxSecNotifFile no longer applies because of the reason indicated in
tmnxPkiExpReason.
[EFFECT] The indicated certificate is no longer going to expire.
[RECOVERY] None needed."
::= { tmnxSecurityNotifications 30 }
tmnxPkiCRLBeforeExpWarning NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxPkiExpRemainingHours,
tmnxPkiExpRemainingMinutes
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCRLBeforeExpWarning notification is generated when
the CRL (certificate revocation list) indicated in tmnxSecNotifFile
will expire in the time period indicated by tmnxPkiExpRemainingHours
and tmnxPkiExpRemainingMinutes.
[EFFECT] The indicated CRL (certificate revocation list) will expire.
[RECOVERY] Replace the indicated file with an updated CRL."
::= { tmnxSecurityNotifications 31 }
tmnxPkiCRLAfterExpWarning NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCRLAfterExpWarning notification is generated when
the CRL (certificate revocation list) indicated in tmnxSecNotifFile
has expired.
[EFFECT] The indicated CRL (certificate revocation list) has expired.
[RECOVERY] Replace the indicated file with an updated CRL."
::= { tmnxSecurityNotifications 32 }
tmnxPkiCRLExpWarningCleared NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxPkiExpReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCRLExpWarningCleared notification is generated when
the expiration warning for the CRL (certificate revocation list)
indicated in tmnxSecNotifFile no longer applies.
[EFFECT] The indicated CRL (certificate revocation list) is no longer
going to expire because of the reason indicated in tmnxPkiExpReason.
[RECOVERY] None needed."
::= { tmnxSecurityNotifications 33 }
tmnxSecNotifFileReloaded NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxSecNotifFileType
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxSecNotifFileReloaded notification is generated when
the certificate or key indicated in tmnxSecNotifFile is reloaded.
tmnxSecNotifFileType indicates whether a certificate or key has been
reloaded.
[EFFECT] The indicated certificate or key has been reloaded.
[RECOVERY] None needed."
::= { tmnxSecurityNotifications 34 }
tmnxSecPwdHistoryFileLoadFailed NOTIFICATION-TYPE
OBJECTS {
tmnxSecPwdHistLoadFailReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxSecPwdHistoryFileLoadFailed notification is generated
when the password history is enabled (tmnxPasswordHistory is not 0)
for the first time and the system was unable to load and process the
password history.
Failure could be due to the following reasons or more:
- This is the first time the password history is enabled on this system.
- A previous attempt to store the password history failed.
- Somebody removed or modified the password history file.
[EFFECT] The system might not be able to compare the new user password
with the user's password history from before the last reboot. If
tmnxSecPwdHistLoadFailReason is set to 'notFound(1)', a new, empty
history file will be created.
[RECOVERY] Investigation might be warranted."
::= { tmnxSecurityNotifications 35 }
tmnxSecPwdHistoryFileWriteFailed NOTIFICATION-TYPE
STATUS current
DESCRIPTION
"[CAUSE] The tmnxSecPwdHistoryFileWriteFailed notification is generated
when the system is unable to store the password history when an user's
password is changed.
[EFFECT] After a reboot, the system might not be able to compare the
new user password with the user's password history.
[RECOVERY] Ensure the compact flash is present, and all file
permissions are correct."
::= { tmnxSecurityNotifications 36 }
tmnxPkiCAProfCrlUpdateStart NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfileNameForNotify
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxPkiCAProfCrlUpdateStart notification is generated when a
CRL update operation is started for an existing CA Profile.
The CA Profile is configured via tmnxPkiCAProfileTable.
[EFFECT] The system is downloading the CRL file from a URL, which is
configured via tmnxPkiCAProfUrlTable.
[RECOVERY] No recovery is required for this notification."
::= { tmnxSecurityNotifications 37 }
tmnxPkiCAProfCrlUpdateSuccess NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfUrl
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxPkiCAProfCrlUpdateSuccess notification is generated when
a new valid CRL file is successfully updated for an existing CA
Profile.
The CA Profile is configured via tmnxPkiCAProfileTable.
[EFFECT] tmnxPkiCAProfileCRLFile will be replaced if the downloaded
CRL file qualified.
The cases that a downloaded CRL does not qualify are explained in the
DESCRIPTION clause of tmnxPkiCAProfAtCrlUpdScheduleT.
[RECOVERY] No recovery is required for this notification."
::= { tmnxSecurityNotifications 38 }
tmnxPkiCAProfCrlUpdateUrlFail NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfUrl,
tmnxSecNotifFailureReason
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxPkiCAProfCrlUpdateUrlFail notification is generated when
the CRL update operation has failed after attempting the indicated URL
for an existing CA Profile.
The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an
existing CA Profile are configured via tmnxPkiCAProfUrlTable.
A tmnxPkiCAProfCrlUpdateUrlFail will not be sent when the URL is the
last one in the URL list for an existing CA Profile. In such case, a
tmnxPkiCAProfCrlUpdAllUrlsFail notification will be sent.
[EFFECT] The system will attempt to download the CRL file from the
next URL in the URL list.
[RECOVERY] Make sure the URLs specified in tmnxPkiCAProfUrlTable are
correct."
::= { tmnxSecurityNotifications 39 }
tmnxPkiCAProfCrlUpdAllUrlsFail NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfUrl,
tmnxSecNotifFailureReason
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxPkiCAProfCrlUpdAllUrlsFail notification is generated
when the CRL update operation failed after attempting all URLs for an
existing CA Profile.
The CA Profile is configured via tmnxPkiCAProfileTable. URLs for an
existing CA Profile are configured via tmnxPkiCAProfUrlTable.
[EFFECT] When tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)'
and tmnxPkiCAProfAtCrlUpdRetryIntv is zero, the system will stop
attempting to update the CRL file.
The system will attempt to download the same CRL file
starting from the first URL in the URL list again after
1) tmnxPkiCAProfAtCrlUpdRetryIntv (>0) seconds, when
tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)', or
2) tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds, when
tmnxPkiCAProfAtCrlUpdScheduleT is 'periodic (2)'.
[RECOVERY] Make sure the URLs specified in tmnxPkiCAProfUrlTable are
correct."
::= { tmnxSecurityNotifications 40 }
tmnxPkiFileWriteFailed NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxSecNotifFailureReason,
tmnxSecNotifFileSize
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiFileWriteFailed notification is generated when an
attempt to write the file fails. Reason for the failure is indicated
by the tmnxSecNotifFailureReason object.
[EFFECT] The downloaded file is not saved to disk.
[RECOVERY] Make sure the path specified in tmnxSecNotifFile is
correct, file permission is writable and there is sufficient disk
space."
::= { tmnxSecurityNotifications 41 }
tmnxPkiCAProfCrlUpdNoNxtUpdTime NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfileNameForNotify
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxPkiCAProfCrlUpdNoNxtUpdTime notification is generated
when tmnxPkiCAProfAtCrlUpdScheduleT is 'nextUpdateBased (1)' and
one of the following conditions is true:
1) The 'nextUpdate' field is missing from the CRL file or contains
a value that is beyond the limit of the system
2) tmnxPkiCAProfAtCrlUpdRetryIntv is zero, and none of the configured
URLs work or contain a CRL that qualifies from the first scheduled
update.
[EFFECT] The system will not download a new CRL file.
[RECOVERY] Change tmnxPkiCAProfAtCrlUpdScheduleT to 'periodic (2)' if
the system is to check for an updated CRL every
tmnxPkiCAProfAtCrlUpdPrdcUpdIntv seconds. Otherwise, configure the
tmnxPkiCAProfAtCrlUpdAdminState to 'outOfService (3)'."
::= { tmnxSecurityNotifications 42 }
tmnxUsrProfSessionLimitExceeded NOTIFICATION-TYPE
OBJECTS {
tmnxSessionLimitExceededName,
tmnxSessionLimitExceededType
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxUsrProfSessionLimitExceeded notification is generated
when an attempt to establish a new user access session is not
successful because any of SSH / Telnet / Total session limits defined
for the profile of which the user is a member has been exceeded.
The value of the object tmnxSessionLimitExceededName indicates the
name of the user profile of which the session limit has been exceeded.
The value of the object tmnxSessionLimitExceededType indicates the
type of the session limit that has been exceeded.
[EFFECT] The user access session has not been established.
[RECOVERY] An administrator may execute one of the following actions
in order to allow a successful session establishment:
1) force disconnection of an existing session(s) using
'admin disconnect' CLI command
2) increase the value of the session limit using CLI or SNMP SET
operation on the corresponding object in tmnxUserProfileTable
3) revoke the profile membership for the particular user (beware that
this action may have impact on user's privileges)"
::= { tmnxSecurityNotifications 43 }
tmnxCliGroupSessionLimitExceeded NOTIFICATION-TYPE
OBJECTS {
tmnxSessionLimitExceededName,
tmnxSessionLimitExceededType
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxCliGroupSessionLimitExceeded notification is generated
when an attempt to establish a new user access session is not
successful because any of SSH / Telnet / Total session limits defined
for the CLI session group of which the user is an indirect member (as
a member of a user profile that is a member of the CLI session group)
has been exceeded.
The value of the object tmnxSessionLimitExceededName indicates the
name of the CLI session group of which the session limit has been
exceeded.
The value of the object tmnxSessionLimitExceededType indicates the
type of the session limit that has been exceeded.
[EFFECT] The user access session has not been established.
[RECOVERY] An administrator may execute one of the following actions
in order to allow a successful session establishment:
1) force disconnection of an existing session(s) using
'admin disconnect' CLI command
2) increase the value of the session limit using CLI or SNMP SET
operation on the corresponding object in tmnxCliSessionGroupTable
3) revoke the profile membership for the particular user (beware that
this action may have impact on user's privileges)
4) revoke the session group membership for the particular profile"
::= { tmnxSecurityNotifications 44 }
tmnxPkiCAProfCrlUpdLargPreUpdTm NOTIFICATION-TYPE
OBJECTS {
tmnxPkiCAProfileNameForNotify
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxPkiCAProfCrlUpdLargPreUpdTm notification is generated
when the 'nextUpdate' time of a newly downloaded CRL is earlier than
the last successful update time or the time of setting
tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)' plus the pre-update
time.
The last successful update time is stored in
tmnxPkiCAProfAtCrlUpdLstSucsTmSt. The pre-update time is configured
via tmnxPkiCAProfAtCrlUpdPreUpdTime.
[EFFECT] The system will update the CRL again in
tmnxPkiCAProfAtCrlUpdRetryIntv seconds rather than immediately.
[RECOVERY] Configure tmnxPkiCAProfAtCrlUpdPreUpdTime to a value less
than (the 'nextUpdate' value of the newly downloaded CRL - the last
successful update time). The ideal value would be a value slightly
lower than the CRL overlap period to avoid unnecessary download
attempts.
No recovery is needed for if the notification is generated in case of
setting tmnxPkiCAProfAtCrlUpdAdminState to 'inService (2)'."
::= { tmnxSecurityNotifications 45 }
tmnxUserCliLoginMaxAttempts NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifyUserName,
tmnxSecNotifyAddrType,
tmnxSecNotifyAddr,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsLockoutPeriod
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxUserCliLoginMaxAttempts notification is generated when a
non Lawful Interception user attempting to open a CLI session failed
to authenticate for more than a maximum allowed number of times in a
period of tmnxPasswordAttemptsTime minutes.
The value of the object tmnxPasswordAttemptsCount indicates the
maximum number of unsuccessful login attempts allowed.
The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
the number of minutes the user is locked out.
The value of the object tmnxSecNotifyUserName indicates the name of
the user attempting to open a CLI session.
The value of the object tmnxSecNotifyAddrType indicates the type of
the IP address stored in the object tmnxSecNotifyAddr.
The value of the object tmnxSecNotifyAddr indicates the IP address of
the user attempting to open a CLI session.
[EFFECT] The user is locked out for a period of
tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is
terminated.
[RECOVERY] No recovery action is required."
::= { tmnxSecurityNotifications 46 }
tmnxUserFtpLoginMaxAttempts NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifyUserName,
tmnxSecNotifyAddrType,
tmnxSecNotifyAddr,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsLockoutPeriod
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxUserFtpLoginMaxAttempts notification is generated when a
non Lawful Interception user attempting to connect via FTP failed to
authenticate for more than a maximum allowed number of times in a
period of tmnxPasswordAttemptsTime minutes.
The value of the object tmnxPasswordAttemptsCount indicates the
maximum number of unsuccessful login attempts allowed.
The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
the number of minutes the user is locked out.
The value of the object tmnxSecNotifyUserName indicates the name of
the user attempting to connect via FTP.
The value of the object tmnxSecNotifyAddrType indicates the type of
the IP address stored in the object tmnxSecNotifyAddr.
The value of the object tmnxSecNotifyAddr indicates the IP address of
the user attempting to connect via FTP.
[EFFECT] The user is locked out for a period of
tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is
terminated.
[RECOVERY] No recovery action is required."
::= { tmnxSecurityNotifications 47 }
tmnxUserSshLoginMaxAttempts NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifyUserName,
tmnxSecNotifyAddrType,
tmnxSecNotifyAddr,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsLockoutPeriod
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxUserSshLoginMaxAttempts notification is generated when a
non Lawful Interception user attempting to connect via SSH failed to
authenticate for more than a maximum allowed number of times in a
period of tmnxPasswordAttemptsTime minutes.
The value of the object tmnxPasswordAttemptsCount indicates the
maximum number of unsuccessful login attempts allowed.
The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
the number of minutes the user is locked out.
The value of the object tmnxSecNotifyUserName indicates the name of
the user attempting to connect via SSH.
The value of the object tmnxSecNotifyAddrType indicates the type of
the IP address stored in the object tmnxSecNotifyAddr.
The value of the object tmnxSecNotifyAddr indicates the IP address of
the user attempting to connect via SSH.
[EFFECT] The user is locked out for a period of
tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is
terminated.
[RECOVERY] No recovery action is required."
::= { tmnxSecurityNotifications 48 }
tmnxPkiCertNotYetValid NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile,
tmnxSecNotifClientAppName
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCertNotYetValid notification is generated when the
certificate indicated in tmnxSecNotifFile is not yet valid.
[EFFECT] The indicated certificate is not usable until the 'notBefore'
time is reached. If the certificate is specified in a CA-profile, then
the operational state of the CA-profile (i.e.,
tmnxPkiCAProfileOperState) remains down until the 'notBefore' time is
reached.
[RECOVERY] Replace tmnxSecNotifFile with a certificate file that is
still valid, or wait until the 'notBefore' time specified in the
certificate is reached for the system to recover itself."
REFERENCE
"RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile', IETF, May 2008."
::= { tmnxSecurityNotifications 49 }
tmnxPkiCRLNotYetValid NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifFile
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxPkiCRLNotYetValid notification is generated when the
CRL (Certificate Revocation List) indicated in tmnxSecNotifFile is not
yet valid.
[EFFECT] The CRL is not usable until the 'thisUpdate' time is reached.
Unless tmnxPkiCAProfRevokeChk is configured to 'crlOptional (2)', the
operational state of the CA-profile (i.e., tmnxPkiCAProfileOperState)
remains down until the 'thisUpdate' time is reached.
[RECOVERY] Replace tmnxSecNotifFile with a CRL that is still valid, or
wait until the 'thisUpdate' time specified in the CRL is reached for
the system to recover itself."
REFERENCE
"RFC 5280, 'Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile', IETF, May 2008."
::= { tmnxSecurityNotifications 50 }
tmnxLiUserCliLoginMaxAttempts NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifyUserName,
tmnxSecNotifyAddrType,
tmnxSecNotifyAddr,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsLockoutPeriod
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxLiUserCliLoginMaxAttempts notification is generated when
a Lawful Interception user attempting to open a CLI session failed to
authenticate for more than a maximum allowed number of times in a
period of tmnxPasswordAttemptsTime minutes.
The value of the object tmnxPasswordAttemptsCount indicates the
maximum number of unsuccessful login attempts allowed.
The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
the number of minutes the user is locked out.
The value of the object tmnxSecNotifyUserName indicates the name of
the user attempting to open a CLI session.
The value of the object tmnxSecNotifyAddrType indicates the type of
the IP address stored in the object tmnxSecNotifyAddr.
The value of the object tmnxSecNotifyAddr indicates the IP address of
the user attempting to open a CLI session.
[EFFECT] The user is locked out for a period of
tmnxPasswordAttemptsLockoutPeriod minutes. A remote access session is
terminated.
[RECOVERY] No recovery action is required."
::= { tmnxSecurityNotifications 51 }
tmnxLiUserSshLoginMaxAttempts NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifyUserName,
tmnxSecNotifyAddrType,
tmnxSecNotifyAddr,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsLockoutPeriod
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxLiUserSshLoginMaxAttempts notification is generated when
a Lawful Interception user attempting to connect via SSH failed to
authenticate for more than a maximum allowed number of times in a
period of tmnxPasswordAttemptsTime minutes.
The value of the object tmnxPasswordAttemptsCount indicates the
maximum number of unsuccessful login attempts allowed.
The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
the number of minutes the user is locked out.
The value of the object tmnxSecNotifyUserName indicates the name of
the user attempting to connect via SSH.
The value of the object tmnxSecNotifyAddrType indicates the type of
the IP address stored in the object tmnxSecNotifyAddr.
The value of the object tmnxSecNotifyAddr indicates the IP address of
the user attempting to connect via SSH.
[EFFECT] The user is locked out for a period of
tmnxPasswordAttemptsLockoutPeriod minutes. An SSH session is
terminated.
[RECOVERY] No recovery action is required."
::= { tmnxSecurityNotifications 52 }
tmnxLiUserFtpLoginMaxAttempts NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifyUserName,
tmnxSecNotifyAddrType,
tmnxSecNotifyAddr,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsLockoutPeriod
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxLiUserFtpLoginMaxAttempts notification is generated when
a Lawful Interception user attempting to connect via FTP failed to
authenticate for more than a maximum allowed number of times in a
period of tmnxPasswordAttemptsTime minutes.
The value of the object tmnxPasswordAttemptsCount indicates the
maximum number of unsuccessful login attempts allowed.
The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
the number of minutes the user is locked out.
The value of the object tmnxSecNotifyUserName indicates the name of
the user attempting to connect via FTP.
The value of the object tmnxSecNotifyAddrType indicates the type of
the IP address stored in the object tmnxSecNotifyAddr.
The value of the object tmnxSecNotifyAddr indicates the IP address of
the user attempting to connect via FTP.
[EFFECT] The user is locked out for a period of
tmnxPasswordAttemptsLockoutPeriod minutes. An FTP session is
terminated.
[RECOVERY] No recovery action is required."
::= { tmnxSecurityNotifications 53 }
tmnxAppPkiCertVerificationFailed NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifClientAppName,
tmnxSecNotifCert,
tmnxSecNotifFailureReason
}
STATUS current
DESCRIPTION
"[CAUSE] The tmnxAppPkiCertVerificationFailed notification is generated
when an attempt to verify the certificate fails for a non-IPsec
application.
[EFFECT] Fail to establish a secured connection with the remote
entity.
[RECOVERY] Make sure the certificate specified in tmnxSecNotifCert is
a valid certificate and an appropriate trust anchor is configured."
::= { tmnxSecurityNotifications 54 }
tmnxUserNetconfLoginMaxAttempts NOTIFICATION-TYPE
OBJECTS {
tmnxSecNotifyUserName,
tmnxSecNotifyAddrType,
tmnxSecNotifyAddr,
tmnxPasswordAttemptsCount,
tmnxPasswordAttemptsLockoutPeriod
}
STATUS current
DESCRIPTION
"[CAUSE] A tmnxUserNetconfLoginMaxAttempts notification is generated
when a user attempting to connect via netconf failed to authenticate
for more than a maximum allowed number of times in a period of
tmnxPasswordAttemptsTime minutes.
The value of the object tmnxPasswordAttemptsCount indicates the
maximum number of unsuccessful login attempts allowed.
The value of the object tmnxPasswordAttemptsLockoutPeriod indicates
the number of minutes the user is locked out.
The value of the object tmnxSecNotifyUserName indicates the name of
the user attempting to connect via netconf.
The value of the object tmnxSecNotifyAddrType indicates the type of
the IP address stored in the object tmnxSecNotifyAddr.
The value of the object tmnxSecNotifyAddr indicates the IP address of
the user attempting to connect via netconf.
[EFFECT] The user is locked out for a period of
tmnxPasswordAttemptsLockoutPeriod minutes. The netconf session is
terminated.
[RECOVERY] No recovery action is required."
::= { tmnxSecurityNotifications 55 }
END
View Git Blame Copy Permalink